[<prev] [next>] [day] [month] [year] [list]
Message-ID: <058ED78424C9984CAAE1718CB65E966A01BF6B@virbqhomx2.virginblue.internal>
From: duncan.lindley at virginblue.com.au (Duncan Lindley)
Subject: syslog consolidation
I have had no grief from msyslog, it works a treat.
Eventlog to syslog comes in handy if you have some of that other, other
white meat also,
http://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys
-Dunc
-----Original Message-----
From: Scott Taylor [mailto:security@...underground.com]
Sent: Monday, 10 November 2003 2:29 PM
To: Ivan Coric
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] syslog consolidation
On Sun, 2003-11-09 at 20:47, Ivan Coric wrote:
> Hi List,
>
> I am looking into consolidation tools for syslog and syslog daemon
replacement and would like to hear from the list on your experiences.
>
> I have looked at
> - intellitactics (too expensive)
> - netforensics (agents required)
> - m-syslog
> - syslog-ng
I use metalog on most of my systems. It does a nice job of splitting logs
based on the program that sent the message as well as regex matching, to put
anything matching "(failed|invalid)\s+(password|login|authentication)" for
example into a single file. It will also buffer messages in memory if you
want to be a little more efficient on your disk accesses. The biggest
problem with it is that it only works as a local daemon.
So, to log all of my router/switch messages off the UDP listener, I also run
syslog-ng on one of my machines. The two do peacefully coexist, I only have
syslog-ng listening for udp traffic without it opening up a local socket.
I'm barely using any of the features of syslog-ng, but at least it has
granular enough configuration that I only run the part of it that I want to.
And that is always a good thing.
--
Scott Taylor - <security@...underground.com>
Davis' Law of Traffic Density:
The density of rush-hour traffic is directly proportional to
1.5 times the amount of extra time you allow to arrive on time.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
The content of this e-mail, including any attachments is a confidential
communication between Virgin Blue \ Pacific Blue and the intended addressee
and is for the sole use of that intended addressee. If you are not the
intended addressee, any use, interference with, disclosure or copying of
this material is unauthorized and prohibited. If you have received this
e-mail in error please contact the sender immediately and then delete the
message and any attachment(s). Virgin Blue \ Pacific Blue respects your
privacy. Our privacy policy can be accessed from our websites:
www.virginblue.com.au - www.flypacificblue.com
Powered by blists - more mailing lists