RE: Syslog tools

From: jsklein (jsklein@mindspring.com)
Date: 09/17/02


From: "jsklein" <jsklein@mindspring.com>
To: "'Omar Khawaja'" <omarkhawaja@yahoo.com>, "'Shaun Sturby'" <shaun@optrics.com>, <security-basics@securityfocus.com>
Date: Tue, 17 Sep 2002 08:56:07 -0400

If the objective of this syslog server is to provide evidence for the
courts, I would be interested in hearing how you will allow this to be
admissible.

Any syslog server running on a Microsoft Operating system will have the
same potential problem, one of "Chain of Custody" and unmodified log
files.

As some of you already know, Microsoft has changed its license
agreements. If you have added the current Microsoft Service packs or
Microsoft Media Player, you give Microsoft the rights to scan your hard
drive remotely and apply service packs at will.

In many cases, this takes Microsoft out of the running as a syslog
server in environments where compliance to GLB or HIPAA is required. At
least, this will provide a great deal of doubt to the integrity of the
log files.

In short, you may want to go the cheaper route and install a LINUX
system with syslog.

Joe Klein, CISSP IAM
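Joe's chain-of-custody point, illustrated with an added example that is not from this thread or from any product it names: a hash-chained log store in which each received syslog record commits to its predecessor, plus a verifier that reports the first altered record or a truncation when given the head hash recorded out of band. The sample lines, the record layout and the chaining scheme are my own assumptions.

```python
import hashlib

# Constructed sample lines (not from the thread), of the kind a central
# syslog server would receive from the firewall/router/IIS sources in the question.
SAMPLE_LINES = [
    "<34>Sep 17 08:56:07 fw1 kernel: drop 10.0.0.5 -> 10.0.0.9 tcp/445",
    "<190>Sep 17 08:56:09 rtr1 %SYS-5-CONFIG_I: Configured from console",
    "<134>Sep 17 08:56:11 web1 IIS: GET /index.html 200 0 0",
]

GENESIS = "0" * 64  # well-known starting value for the chain


def chain_hash(prev_hash, line):
    """SHA-256 over the previous record's hash followed by this line."""
    return hashlib.sha256((prev_hash + "\n" + line).encode("utf-8")).hexdigest()


def build_chain(lines):
    """Append-only log: every record stores its predecessor's hash and its own."""
    records, prev = [], GENESIS
    for line in lines:
        h = chain_hash(prev, line)
        records.append({"line": line, "prev": prev, "hash": h})
        prev = h
    return records


def verify_chain(records, expected_head):
    """Return (True, None) if intact, else (False, index of first bad record).

    expected_head is the last hash as recorded out of band (mailed to a
    custodian, printed, or written to write-once media).  Without it a
    self-consistent rewrite of the tail of the log would pass unnoticed.
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["prev"] != prev or chain_hash(prev, rec["line"]) != rec["hash"]:
            return False, i
        prev = rec["hash"]
    if prev != expected_head:
        return False, len(records)  # consistent chain, but not the attested one
    return True, None


def rewrite_and_rechain(records, index, new_line):
    """Model a rewrite of one line with all later hashes recomputed, to show
    that only the out-of-band head hash exposes it."""
    lines = [r["line"] for r in records]
    lines[index] = new_line
    return build_chain(lines)
```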

-----Original Message-----
From: Omar Khawaja [mailto:omarkhawaja@yahoo.com]
Sent: Monday, September 16, 2002 11:43 AM
To: 'Shaun Sturby'; security-basics@securityfocus.com
Cc: 'netsec novice'
Subject: RE: Syslog tools

Kiwi is also a great (and most importantly, FREE) syslog daemon:

        http://www.kiwisyslog.com/

-----Original Message-----
From: Shaun Sturby [mailto:shaun@optrics.com]
Sent: Friday, September 06, 2002 5:54 PM
To: security-basics@securityfocus.com
Cc: 'netsec novice'
Subject: RE: Syslog tools

Hello N,

Take a look at Logalot from Somix (www.somix.com). It runs on Windows, is
based on Apache and MySQL, has an unlimited number of devices and can watch
the Windows logs as well.

It is even smart enough to be able to alert you via pager, beeper, email
and your own program if something logged violates a policy you have set.

Shaun

-----Original Message-----
From: netsec novice [mailto:netsec9@hotmail.com]
Sent: Thursday, September 05, 2002 5:48 PM
To: security-basics@securityfocus.com
Subject: Syslog tools

Can anyone recommend products free/paid that would provide centralized
logging from multiple sources? The sources would be IIS logs, Cisco
router logs, Checkpoint firewall logs etc.

Thanks for any suggestions...
N
