[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: security at 303underground.com (Scott Taylor)
Subject: syslog consolidation
On Sun, 2003-11-09 at 20:47, Ivan Coric wrote:
> Hi List,
>
> I am looking into consolidation tools for syslog and syslog daemon replacement and would like to hear from the list on your experiences.
>
> I have looked at
> - intellitactics (too expensive)
> - netforensics (agents required)
> - m-syslog
> - syslog-ng
I use metalog on most of my systems. It does a nice job of splitting
logs based on the program that sent the message as well as regex
matching, to put anything matching
"(failed|invalid)\s+(password|login|authentication)" for example into a
single file. It will also buffer messages in memory if you want to be a
little more efficient on your disk accesses. The biggest problem with it
is that it only works as a local daemon.
So, to log all of my router/switch messages off the UDP listener, I also
run syslog-ng on one of my machines. The two do peacefully coexist, I
only have syslog-ng listening for udp traffic without it opening up a
local socket. I'm barely using any of the features of syslog-ng, but at
least it has granular enough configuration that I only run the part of
it that I want to. And that is always a good thing.
--
Scott Taylor - <security@...underground.com>
Davis' Law of Traffic Density:
The density of rush-hour traffic is directly proportional to
1.5 times the amount of extra time you allow to arrive on time.
Powered by blists - more mailing lists