On Tue, Jun 18, 2002 at 11:14:56AM -0400, mstevensonat_private wrote:

> Obviously you can not trust logs residing on the compromised system,
> but what can you trust?

This was one of the reasons why we developed Echelog.

Echelog is a distributed agent/server system. Agents are installed on monitored computers and actively monitor them (logged-on users, running processes, network connections, system logs... whatever), sending the gathered data to a server (or more of them). The communication between agents and server is trusted - secured and authenticated (SSL/certificates). The server receives the data, processes it and stores it. Later you can browse through the log (simple command-line tools or a web frontend).

If the server is secured, then all the data from monitored hosts from the time before their compromise should be trusted.

http://echelog.sourceforge.net/

Licence: MIT
Supported OS: GNU/Linux (Mandrake, Red Hat), BSD (FreeBSD, NetBSD) and Solaris (Solaris 9)

-- 
Martin Mačok
http://underground.cz/
martin.macokat_private
http://Xtrmntr.org/ORBman/

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
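The agent/server exchange Martin describes, as an added illustration that is not Echelog's code: a Go program (written for this page, not taken from the project) in which a collector listens with TLS, accepts only agents that present a certificate issued by the deployment's CA, stores each received line together with the authenticated agent name and the collector's own receipt time, and turns away a peer that trusts the CA but holds no certificate of its own. The CA, the names echelog-ca, collector and agent01.example, the in-memory certificate generation and the sample log lines are all assumptions made for the example; a real deployment provisions certificates some other way.

```go
package main

import (
	"bufio"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Record is one stored line: Agent is the CN of the client certificate the TLS layer
// verified, Received is the collector's clock; an intruder on the host can rewrite neither.
type Record struct{ Agent string; Received time.Time; Line string }

var serial int64 // serial numbers for the throwaway certificates below

// mkCert issues an ECDSA P-256 certificate for cn signed by parent, or a self-signed CA
// when isCA is set. This in-memory PKI is a hypothetical stand-in for real provisioning;
// it panics because only an RNG failure can make it fail.
func mkCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, isCA bool, eku x509.ExtKeyUsage) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
	}
	if isCA {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, tmpl.KeyUsage|x509.KeyUsageCertSign
		parent, parentKey = tmpl, key // self-signed
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{eku}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil { panic(err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return cert, key
}

// Run builds a CA plus collector and agent certificates, starts the collector on a loopback
// port, first connects WITHOUT a client certificate (what an intruder who knows only the CA
// certificate could do), then ships lines from the real agent. It returns the stored records
// and the error the rogue peer received.
func Run(lines []string) (recs []Record, rogueErr error, err error) {
	ca, caKey := mkCert("echelog-ca", nil, nil, true, 0)
	srv, srvKey := mkCert("collector", ca, caKey, false, x509.ExtKeyUsageServerAuth)
	agent, agentKey := mkCert("agent01.example", ca, caKey, false, x509.ExtKeyUsageClientAuth)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	// Collector: present its certificate and require a client certificate chaining to the
	// CA. Anything else fails in the handshake, before a single byte of data is accepted.
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert, ClientCAs: pool, MinVersion: tls.VersionTLS13,
	})
	if err != nil { return nil, nil, err }
	done := make(chan []Record, 1)
	go func() {
		var out []Record
		for {
			c, err := ln.Accept()
			if err != nil { done <- out; return } // listener closed: hand back what was stored
			tc := c.(*tls.Conn)
			if err := tc.Handshake(); err != nil { c.Close(); continue } // unauthenticated peer
			who := tc.ConnectionState().PeerCertificates[0].Subject.CommonName
			for sc := bufio.NewScanner(tc); sc.Scan(); {
				out = append(out, Record{Agent: who, Received: time.Now().UTC(), Line: sc.Text()})
			}
			c.Close()
		}
	}()
	addr := ln.Addr().String()
	// Rogue peer: trusts the CA but presents no certificate.
	rc, rogueErr := tls.Dial("tcp", addr, &tls.Config{RootCAs: pool})
	if rogueErr == nil { // under TLS 1.3 the rejection only surfaces on the first Read
		_, rogueErr = rc.Read(make([]byte, 1))
		rc.Close()
	}
	// Real agent: same CA trust plus its own certificate and private key.
	ac, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: pool,
		Certificates: []tls.Certificate{{Certificate: [][]byte{agent.Raw}, PrivateKey: agentKey}}})
	if err != nil { ln.Close(); return nil, rogueErr, err }
	for _, l := range lines { fmt.Fprintln(ac, l) }
	ac.Close()
	ln.Close()
	return <-done, rogueErr, nil
}

func main() {
	recs, rogueErr, err := Run([]string{"proc sshd pid=812 uid=0"}) // constructed sample line
	fmt.Println(len(recs), "record(s) stored; rogue peer:", rogueErr, "; err:", err)
}
```

The point this makes concrete is the one in the message above: the only secret an intruder obtains by rooting a monitored host is that host's agent key, which lets them send new lines under that agent's name but not alter what the collector stored before the break-in. The receipt timestamp is the collector's, so the moment of compromise cleanly separates the records you can still trust from the ones you cannot.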
This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 08:09:53 PDT