From: security at 303underground.com (Scott Taylor)
Subject: syslog consolidation

On Sun, 2003-11-09 at 20:47, Ivan Coric wrote:
> Hi List,
> 
> I am looking into consolidation tools for syslog and syslog daemon replacement and would like to hear from the list on your experiences.
> 
> I have looked at
> - intellitactics (too expensive)
> - netforensics (agents required)
> - m-syslog
> - syslog-ng

I use metalog on most of my systems. It does a nice job of splitting
logs based on the program that sent the message as well as regex
matching, to put anything matching 
"(failed|invalid)\s+(password|login|authentication)" for example into a
single file. It will also buffer messages in memory if you want to be a
little more efficient on your disk accesses. The biggest problem with it
is that it only works as a local daemon. 

So, to log all of my router/switch messages off the UDP listener, I also
run syslog-ng on one of my machines. The two do peacefully coexist; I
only have syslog-ng listening for UDP traffic without it opening up a
local socket. I'm barely using any of the features of syslog-ng, but at
least it has granular enough configuration that I only run the part of
it that I want to. And that is always a good thing.

--
Scott Taylor - <security@...underground.com> 

Davis' Law of Traffic Density:
	The density of rush-hour traffic is directly proportional to
	1.5 times the amount of extra time you allow to arrive on time.
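As an added illustration of the metalog-style routing Scott describes (this is example code, not from the post or from metalog itself), the Python below splits constructed BSD-format syslog lines by sending program and copies anything matching the quoted regex into one shared auth-failures bucket; hostnames, users and addresses in the sample are made up.

```python
import re
from collections import defaultdict

# The pattern quoted in the post: route failed/invalid auth events to one file.
AUTH_FAIL = re.compile(r"(failed|invalid)\s+(password|login|authentication)", re.IGNORECASE)

# BSD syslog line as a local daemon writes it: "Mon DD HH:MM:SS host prog[pid]: msg"
SYSLOG_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

def route(lines):
    """Return {bucket: [line, ...]}: one bucket per program name, plus a shared
    'auth_failures' bucket for every message AUTH_FAIL matches (a line can land
    in both, as metalog does when a regex rule and a program rule both fire).
    Lines that do not parse go to 'unparsed' so nothing is silently dropped."""
    out = defaultdict(list)
    for line in lines:
        m = SYSLOG_LINE.match(line)
        if not m:
            out["unparsed"].append(line)
            continue
        out[m.group("prog")].append(line)
        if AUTH_FAIL.search(m.group("msg")):
            out["auth_failures"].append(line)
    return dict(out)

# Constructed sample input (not real log data).
SAMPLE = [
    "Nov  9 20:47:01 gw sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2",
    "Nov  9 20:47:02 gw sshd[1201]: Accepted publickey for scott from 192.0.2.20 port 4023 ssh2",
    "Nov  9 20:47:05 gw su[1300]: pam_unix(su:auth): authentication failure; logname=scott uid=1000",
    "Nov  9 20:47:09 gw login[1400]: Invalid login attempt for user root on tty1",
    "Nov  9 20:47:10 gw cron[88]: (root) CMD (run-parts /etc/cron.hourly)",
    "garbage line from a misconfigured sender",
]

if __name__ == "__main__":
    for bucket, lines in sorted(route(SAMPLE).items()):
        print(f"{bucket}: {len(lines)} line(s)")
```

Note that the pattern only fires when the failure word precedes the noun, so PAM's "authentication failure" wording lands in the su bucket but not in auth_failures; anyone adopting the regex should widen it for the daemons they actually run.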

