RE: What are the questions I should ask.

From: Sarbjit Singh Gill (ssgill@gilltechnologies.com)
Date: 08/06/02


From: "Sarbjit Singh Gill" <ssgill@gilltechnologies.com>
To: "Shaun Sturby" <shaun@optrics.com>, "'security-basics'" <security-basics@securityfocus.com>
Date: Tue, 6 Aug 2002 07:55:19 +0800

Greetings,

I think I must clarify my original mail on "What are the questions I
should ask?".

What I mean is what questions should I ask my clients before I can make a
decision on the type of syslog mgmt system I could recommend to them. I
guess when it comes to syslog mgmt products, I know enough after reading the
archived articles and discussions about which syslog mgmt is better and in
what way.

But what do I do when I am introduced to a company which I know nothing
about (I mean their architecture, bandwidth etc.)? Of course I would have to
ask them a series of questions to understand their current situation,
network, setup, requirements etc. Therefore, what would these questions be?

These questions are for my client, so I could better understand their current
problems with syslog management.

I think the questions listed in your email replies are for me to
evaluate the kind of syslog mgmt product.

Sorry for the confusion.

Kind Regards
Gill

-----Original Message-----
From: Shaun Sturby [mailto:shaun@optrics.com]
Sent: Saturday, August 03, 2002 12:42 AM
To: ssgill@gilltechnologies.com; 'security-basics'
Subject: RE: What are the questions I should ask.

There are a lot of very good Syslog daemons both free and for a modest fee.

Here are some questions I would ask.
1. What platform does it run under? If you are more familiar with Windows or
*nix then go for one that works on that platform.
2. What database does it log to? Flat text file or RDBMS? The performance,
reports and tools used are very different for each.
3. Ease of use? Can you set up reports or a portal so that you don't have to
manually generate every report that management wants?
4. Support? How much free support and how much for-fee support? How easy is
it to update?
5. Does it do more than act as a dumb drop-off? Can the system send out
alerts based on what is being logged?

All *nix have a syslog daemon, as this is where this idea started. If you
want to roll your own, go with some secure *nix like OpenBSD or FreeBSD
(www.openbsd.org, www.freebsd.org) or whatever you're most familiar with, but be
prepared to do a lot of reading.

For a Windows-based one, do a Google search or check out LogALot from Somix:
www.somix.com/products/logalot/ They have an online demo available and it
does everything I would want a syslog system to do.

Shaun Sturby, MCSE
Network Specialist
Optrics Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Optrics Inc. and FundSoft - Canadian Ipswitch Premier Partners
Email: shaun@optrics.com Website: <http://www.optrics.com>
Snail: Suite 100 4911 - 114 St. Edmonton, AB, Canada, T6H 3L5
Tel:(780) 466-6016 Toll Free: 1-877-386-3763 Fax:(780) 432-5630
Solutions for a Connected World: <http://www.optrics.com/linecard.htm>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
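To make criteria 2 and 5 above concrete (where the events end up, and whether the collector does more than act as a dumb drop-off), here is an added example that is not part of this thread and is not code from LogALot or any other product mentioned in it. It is a small Python syslog intake that decodes the RFC 3164 `<PRI>` field into facility and severity, stores each event in SQLite (the RDBMS side of question 2), keeps a per-host summary of the kind a reporting portal would query (question 3), counts unparseable lines instead of losing them silently, and raises an alert for anything at severity `err` or worse (question 5). The host names, IP addresses and log lines are constructed samples; `fw-site1` to `fw-site5` are hypothetical gateways, not anyone's real installation.

```python
import re
import sqlite3
from typing import Optional

# RFC 3164 facility codes 0-23 and severity codes 0-7, used to decode <PRI>.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Classic BSD syslog line: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)


def parse_syslog_line(line: str) -> Optional[dict]:
    """Decode one BSD-style syslog line; return None for anything malformed."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                      # 24 facilities * 8 severities - 1
        return None
    return {
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "severity_num": pri % 8,       # lower number = more urgent
        "ts": m.group("ts"),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "msg": m.group("msg"),
    }


class SyslogStore:
    """Keeps parsed events in SQLite, tracks drops, and raises severity alerts.

    An in-memory database is used so the example runs offline; a real
    deployment would point `path` at a file or a database server.
    """

    def __init__(self, path: str = ":memory:", alert_at: str = "err") -> None:
        self.conn = sqlite3.connect(path)
        self.conn.execute(
            "CREATE TABLE IF NOT EXISTS events ("
            "id INTEGER PRIMARY KEY, facility TEXT, severity TEXT, "
            "severity_num INTEGER, ts TEXT, host TEXT, tag TEXT, pid INTEGER, msg TEXT)"
        )
        self.alert_at = SEVERITIES.index(alert_at)   # alert at this level or worse
        self.alerts = []
        self.dropped = 0                              # unparseable lines, counted not ignored

    def ingest(self, line: str) -> Optional[dict]:
        ev = parse_syslog_line(line)
        if ev is None:
            self.dropped += 1
            return None
        self.conn.execute(
            "INSERT INTO events (facility, severity, severity_num, ts, host, tag, pid, msg) "
            "VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
            (ev["facility"], ev["severity"], ev["severity_num"], ev["ts"],
             ev["host"], ev["tag"], ev["pid"], ev["msg"]),
        )
        if ev["severity_num"] <= self.alert_at:
            self.alerts.append(
                f"{ev['host']} {ev['facility']}.{ev['severity']} {ev['tag']}: {ev['msg']}")
        return ev

    def stored(self) -> int:
        return self.conn.execute("SELECT COUNT(*) FROM events").fetchone()[0]

    def summary(self) -> dict:
        """Per-host, per-severity counts: the query a reporting portal would run."""
        rows = self.conn.execute(
            "SELECT host, severity, COUNT(*) FROM events GROUP BY host, severity"
        ).fetchall()
        return {(host, sev): n for host, sev, n in rows}


# Constructed sample traffic from five hypothetical gateways, plus one junk line.
SAMPLE_LINES = [
    "<38>Aug  6 07:55:19 fw-site1 sshd[2210]: Accepted publickey for admin from 10.0.1.5 port 51022",
    "<35>Aug  6 07:55:21 fw-site2 sshd[2214]: Failed password for root from 10.0.9.7 port 40122",
    "<131>Aug  6 07:56:02 fw-site3 fw1: drop 10.0.9.7 -> 192.0.2.10 tcp/445",
    "<134>Aug  6 07:56:05 fw-site3 fw1: accept 10.0.2.3 -> 192.0.2.20 tcp/443",
    "<2>Aug  6 07:57:40 fw-site4 kernel: link down on eth1",
    "<30>Aug  6 07:58:00 fw-site5 cron[311]: (root) CMD (/usr/sbin/logrotate)",
    "this line is not syslog at all",
]


def run_demo(lines=SAMPLE_LINES) -> SyslogStore:
    store = SyslogStore()
    for line in lines:
        store.ingest(line)
    return store


if __name__ == "__main__":
    s = run_demo()
    print(f"stored={s.stored()} dropped={s.dropped}")
    for a in s.alerts:
        print("ALERT", a)
    for (host, sev), n in sorted(s.summary().items()):
        print(f"{host:10} {sev:8} {n}")
```

The `dropped` counter is the part worth keeping whatever product is chosen: a collector that silently discards lines it cannot parse gives no signal that a device has changed its log format, and that is exactly the failure a dumb drop-off hides.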

-----Original Message-----
From: Sarbjit Singh Gill [mailto:ssgill@gilltechnologies.com]
Sent: Thursday, August 01, 2002 9:12 AM
To: security-basics
Subject: What are the questions I should ask.

Greetings folks,

I have been requested to provide a solution for syslog
management/analysis/reporting on 5 Checkpoint installations around Asia
Pacific. These are the five exit and entry points to the internet. I have no clue
what their connectivity to the HQ is (also in Asia Pacific).

I need advice on what series of questions I should ask so that I could make a
decent decision on the choice of syslog management server, maintenance and
support procedures and of course how much it is going to cost.

Thanks in advance.

Gill
