lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Subject: write events log to CD?

I agree, it's not really useful to have them on printed paper (but, of
course, you could scan and OCR it ;)). Sending them to syslog makes
sense for many organizations. There are several solutions to do so. See
www.eventreporter.com or
http://www.intersectalliance.com/projects/Snare/ for examples.

Rainer

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> Barrie Dempster
> Sent: Monday, August 30, 2004 11:07 AM
> To: Ali Campbell
> Cc: Full Disclosure
> Subject: Re: [Full-Disclosure] write events log to CD?
> 
> On Mon, 2004-08-30 at 04:15, Ali Campbell wrote:
> > Sending logs to a printer makes the most sense to me. Absolutely 
> > unhijackable, and a good use for that old 9-pin dotmatrix and 2000 
> > sheets of traction feed paper you have in the cupboard.
> 
> Unless at some point you actually want to examine your logs.
> Even a moderately busy production server will produce so much 
> crap from
> that printer that it would be a nightmare to examine, if you had any
> sort of incident. Not to mention all that wasted paper.
> 
> 
> I know that you can dump event logs to a file, I seem to 
> recall it being
> scriptable too, although scripting the actual burning may be the issue
> here.
> However most good server versions of backup software will let you dump
> your event logs to their backup medium, which could be a CD-R.
> 
> If an incident does occur, event logs aren't a terribly great 
> source of
> information, you'd be much better off paying attention to your IDS/IPS
> system.
> -- 
> Barrie Dempster (zeedo) - Fortiter et Strenue
> 
>   http://www.bsrf.org.uk
> 
> [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
> 


Powered by blists - more mailing lists