Open Source and information security mailing list archives
From: security at 303underground.com (Scott Taylor)
Subject: syslog consolidation

On Sun, 2003-11-09 at 20:47, Ivan Coric wrote:
> Hi List,
>
> I am looking into consolidation tools for syslog and syslog daemon replacement and would like to hear from the list on your experiences.
>
> I have looked at
> - intellitactics (too expensive)
> - netforensics (agents required)
> - m-syslog
> - syslog-ng

I use metalog on most of my systems. It does a nice job of splitting logs based on the program that sent the message as well as regex matching, to put anything matching "(failed|invalid)\s+(password|login|authentication)", for example, into a single file. It will also buffer messages in memory if you want to be a little more efficient on your disk accesses.

The biggest problem with it is that it only works as a local daemon. So, to log all of my router/switch messages off the UDP listener, I also run syslog-ng on one of my machines. The two do peacefully coexist; I only have syslog-ng listening for UDP traffic without it opening up a local socket.

I'm barely using any of the features of syslog-ng, but at least it has granular enough configuration that I only run the part of it that I want to. And that is always a good thing.

--
Scott Taylor - <security@...underground.com>

Davis' Law of Traffic Density:
The density of rush-hour traffic is directly proportional to 1.5 times the amount of extra time you allow to arrive on time.
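As an added illustration of the routing Scott describes (one file per sending program, plus a single bucket for anything matching his failed-login regex), here is a small Python script. It is not part of the original post and not metalog's or syslog-ng's own code: the syslog lines, host and program names and directory names are constructed for the example, and the regex is compiled case-insensitively on the assumption that you want OpenSSH's "Failed password" (capital F) to land in the bucket as well.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Constructed sample syslog lines (classic BSD syslog format); not from the original post.
SAMPLE_LINES = [
    "Nov  9 20:47:01 host1 sshd[1234]: Failed password for root from 10.0.0.5 port 4022 ssh2",
    "Nov  9 20:47:02 host1 sshd[1234]: Accepted publickey for alice from 10.0.0.7 port 4023 ssh2",
    "Nov  9 20:47:03 host1 login[222]: invalid login attempt for guest on tty1",
    "Nov  9 20:47:04 host1 cron[333]: (root) CMD (run-parts /etc/cron.hourly)",
    "Nov  9 20:47:05 host1 su[444]: authentication failure for bob",
    "garbage line without a syslog header",
]

# The regex from the post. IGNORECASE is an assumption made here so that
# "Failed password" (as OpenSSH writes it) matches alongside lowercase variants.
FAILED_AUTH = re.compile(
    r"(failed|invalid)\s+(password|login|authentication)", re.IGNORECASE
)

# Minimal parser for "Mon dd hh:mm:ss host prog[pid]: message".
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)


def parse_line(line):
    """Return the parsed fields of one syslog line, or None if it has no syslog header."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def route(lines):
    """Sort lines into destinations the way the post describes metalog doing it:
    one "program/<name>" bucket per sending program, a "failed-auth" bucket for
    every message matching FAILED_AUTH, and "unparsed" for lines with no header."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            buckets["unparsed"].append(line)
            continue
        buckets["program/" + rec["prog"]].append(line)
        if FAILED_AUTH.search(rec["msg"]):
            buckets["failed-auth"].append(line)
    return dict(buckets)


def write_buckets(buckets, root):
    """Write each bucket to <root>/<bucket>/current and return the paths written."""
    written = []
    for name, lines in buckets.items():
        path = Path(root) / name / "current"
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("\n".join(lines) + "\n")
        written.append(str(path))
    return sorted(written)


if __name__ == "__main__":
    buckets = route(SAMPLE_LINES)
    for name, lines in sorted(buckets.items()):
        print(f"{name}: {len(lines)} line(s)")
    print(write_buckets(buckets, tempfile.mkdtemp()))
```

Running it shows the pattern's blind spot as well as its hits: the PAM-style "authentication failure for bob" line never reaches the failed-auth bucket, because the regex expects the adjective before the noun ("failed ... authentication"), so a practitioner copying the expression would want to decide whether to add that ordering. The syslog-ng half of Scott's setup is not shown here; it amounts to a configuration whose only source is a `udp()` listener, with no `unix-stream("/dev/log")` source, so the two daemons never contend for the local socket.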