Re: syslog log collabration

From: Papapanagiotoy Theofilos (theofpa_at_otenet.gr)
Date: 07/30/03

    Date: Wed, 30 Jul 2003 10:14:18 +0000
    To: subscribe@kringstad.net

    Glenn English wrote:

    > On Tue, 2003-07-29 at 03:12, subscribe wrote:
    >
    >> 1. I'm not sure which syslog daemon to choose: syslogd or syslog-ng.
    >> Any comments?
    >
    I would recommend msyslogd (modular syslogd). I really like its modules, supporting mysql, regular expressions, etc. Currently, my centralized syslog has reached 873 MB in database, logging from 34 hosts (win, linux, solaris, with many services running on the machines) for about 2 months. The average of collecting syslog messages is 70.000 per day.

    > syslogd. Start it with the -r switch to have it listen on port 413, UDP.
    >
    syslog:~# grep syslog /etc/services
    syslog 514/udp

    >> 2. I have to make the syslog daemon secure so that only the hosts I
    >> choose can connect.
    >> Are there any whitepapers or recommendations on how to do this?
    >
    > On Linux, use iptables or ipchains as a packet filter.
    >
    >> 3. I need to have a good syslog analyzer to do the logs, report on email
    >> or web.
    >> What is the best tool for this?
    >
    > logwatch does a pretty good job. It's bundled with most Linux distros.
    >
    logwatch is great, but for windows machines/services logs, you have to write your own shell (or better perl) scripts. A php interface connecting to mysql and selecting logs using various parameters could be useful for your sysadmins.

    Papapanagiotoy Theofilos
    theofpa@otenet.gr
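One way to do the packet filtering Glenn mentions for question 2, as an added example that is not part of the thread: a small POSIX shell script that prints iptables rules restricting UDP syslog on the collector to a chosen list of senders and logging everything else that tries. The interface eth0 and the sender addresses 192.0.2.10 and 192.0.2.11 are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: emit iptables rules that let only a fixed
# list of senders reach the central syslog daemon on UDP 514, log anything else
# that tries, and drop it. Rules are printed rather than applied so they can be
# reviewed first; piping the output to sh on the collector applies them.

# Assumptions (constructed): the collector listens on eth0, and the only
# remote senders are 192.0.2.10 and 192.0.2.11.
SYSLOG_IFACE="${SYSLOG_IFACE:-eth0}"
SYSLOG_DEFAULT_PORT=514

# syslog_port_from_services [FILE]: read the UDP syslog port the same way the
# thread checks it ("grep syslog /etc/services"); fall back to 514 when the
# file is missing or has no syslog/udp line.
syslog_port_from_services() {
  file="${1:-/etc/services}"
  port=""
  if [ -r "$file" ]; then
    port=$(awk '$1 == "syslog" && $2 ~ "/udp$" { split($2, a, "/"); print a[1]; exit }' "$file")
  fi
  echo "${port:-$SYSLOG_DEFAULT_PORT}"
}

# syslog_allow_rules HOST...: build a dedicated SYSLOG-IN chain so the policy
# can be audited later with "iptables -L SYSLOG-IN -n -v" (the counters show
# which sender is actually talking).
syslog_allow_rules() {
  port=$(syslog_port_from_services "${SYSLOG_SERVICES:-/etc/services}")
  echo "iptables -N SYSLOG-IN"
  echo "iptables -A INPUT -i $SYSLOG_IFACE -p udp --dport $port -j SYSLOG-IN"
  for host in "$@"; do
    echo "iptables -A SYSLOG-IN -s $host -j ACCEPT"
  done
  # Rate-limited LOG so an unexpected or misconfigured sender shows up in the
  # collector's own log without being able to flood that log.
  echo "iptables -A SYSLOG-IN -m limit --limit 5/min -j LOG --log-prefix \"syslog-denied: \""
  echo "iptables -A SYSLOG-IN -j DROP"
}

# Print the rule set for the two constructed senders; pipe to sh to apply.
syslog_allow_rules 192.0.2.10 192.0.2.11
```

On older kernels that still use ipchains the same structure applies, but the rule syntax differs.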
