From: duncan.lindley at virginblue.com.au (Duncan Lindley)
Subject: syslog consolidation

I have had no grief from msyslog, it works a treat.

Eventlog to syslog comes in handy if you have some of that other, other white meat also,
http://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys

-Dunc

-----Original Message-----
From: Scott Taylor [mailto:security@...underground.com]
Sent: Monday, 10 November 2003 2:29 PM
To: Ivan Coric
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] syslog consolidation

On Sun, 2003-11-09 at 20:47, Ivan Coric wrote:
> Hi List,
>
> I am looking into consolidation tools for syslog and syslog daemon replacement and would like to hear from the list on your experiences.
>
> I have looked at
> - intellitactics (too expensive)
> - netforensics (agents required)
> - m-syslog
> - syslog-ng

I use metalog on most of my systems. It does a nice job of splitting logs based on the program that sent the message as well as regex matching, to put anything matching "(failed|invalid)\s+(password|login|authentication)" for example into a single file. It will also buffer messages in memory if you want to be a little more efficient on your disk accesses.

The biggest problem with it is that it only works as a local daemon. So, to log all of my router/switch messages off the UDP listener, I also run syslog-ng on one of my machines. The two do peacefully coexist, I only have syslog-ng listening for udp traffic without it opening up a local socket. I'm barely using any of the features of syslog-ng, but at least it has granular enough configuration that I only run the part of it that I want to. And that is always a good thing.

--
Scott Taylor - <security@...underground.com>

Davis' Law of Traffic Density: The density of rush-hour traffic is directly proportional to 1.5 times the amount of extra time you allow to arrive on time.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
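
The program-plus-regex log splitting described in the quoted message, as an added Python example that is not part of the thread and is not metalog's code. It uses the pattern quoted above; the case-insensitive match, first-match routing, destination names and sample lines are assumptions of this example.

```python
import re
from collections import defaultdict

# Pattern quoted in the message; matching case-insensitively is an assumption here.
AUTH_FAIL = re.compile(r"(failed|invalid)\s+(password|login|authentication)", re.I)

# BSD-syslog style line: "Mon DD HH:MM:SS host program[pid]: message"
LINE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s"
    r"(?P<prog>[^\s:\[]+)(?:\[\d+\])?:\s(?P<msg>.*)$"
)

# Constructed sample lines (made-up hosts, documentation IP range).
SAMPLE = [
    "Nov 10 14:29:01 gw1 sshd[2211]: Failed password for root from 192.0.2.10 port 4022 ssh2",
    "Nov 10 14:29:05 gw1 sshd[2211]: Invalid user admin from 192.0.2.10",
    "Nov 10 14:29:07 gw1 sshd[2213]: Failed password for invalid user admin from 192.0.2.10 port 4023 ssh2",
    "Nov 10 14:30:12 mail1 login[880]: pam_unix(login:auth): authentication failure; user=ops",
    "Nov 10 14:31:40 gw1 cron[901]: (root) CMD (run-parts /etc/cron.hourly)",
    "-- MARK --",
]

def route(line):
    """Return a destination name: the regex class wins, then the sending program."""
    m = LINE.match(line)
    if m is None:
        return "unparsed"              # keep malformed input visible, never drop it
    if AUTH_FAIL.search(m["msg"]):
        return "pwdfail"               # hypothetical name for the single auth-failure file
    return "prog/" + m["prog"]         # one destination per sending program

def split(lines):
    """Group lines by destination, preserving arrival order within each group."""
    out = defaultdict(list)
    for line in lines:
        out[route(line)].append(line)
    return dict(out)

if __name__ == "__main__":
    for dest, lines in split(SAMPLE).items():
        print(f"{dest}: {len(lines)} line(s)")
```

The "Invalid user" and "authentication failure" lines stay in their per-program files because the quoted pattern only covers the failed/invalid-then-noun word order, which is worth checking against real log samples before relying on the single file for review.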