On Mon, Nov 04, 2002 at 07:30:37PM -0800, Gino Pietro Guidi wrote: > I have recently came across an article that described secure logging > using snort. Basically snort was configured to dump the contents of all > syslog packets sent to a fake ip. Then that ip was set up as the loghost > ip on the remote hosts. With this configuration, in theory, you wouldn't Sounds like passlogd: a syslog server sniffer that simply logs any syslog records it sees in promiscous mode. Could be perfect for an IDS :-) [Note: I had a look at it some time ago and there were bugs which stopped me using it. Pity - the idea is sound] -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Nov 07 2002 - 04:24:32 PST