Re: Firewall Log Analysis

From: Chuck Swiger (chuckat_private)
Date: Fri Jan 14 2000 - 11:57:14 PST


    On Thu, 13 Jan 2000 10:35:45 +0530, VN_Sabarinath@satyam-infoway.com wrote:
    > I administer 5 remote firewalls and wish to do separate centralized analysis
    > of the logfiles to generate custom reports.
    >
    > To get the log files, I propose to regularly FTP the files (in zipped
    > version, once a day, automatically) from the firewalls to a centralised
    > machine. This machine runs log analysis software. The report may be FTP'ed
    > back or put up on a website.
    >
    > 1) Are there any better approaches to do this?
    
    Well, I would highly recommend using scp (part of the SSH distribution)
    instead of FTP to move the files around.  That way, you don't have to run an
    FTP daemon on your log analyzer machine.

    Another perhaps not-so-minor benefit is that your logfiles are encrypted in
    transit, which means that an attacker cannot see whether his attempts have
    created log messages (by packet sniffing) nor can the attacker easily steal
    the connection and spoof false logs to hide his tracks.
    
    -Chuck
    
           Chuck 'Sisyphus' Swiger | chuckat_private | Bad cop!  No Donut.
           ------------------------+-------------------+--------------------
           I know that you are an optimist if you think I am a pessimist....
    
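One way to automate the scp-based collection Chuck recommends, as an added example that is not part of the original post or the thread: a POSIX shell script the central analyzer runs once a day that pulls each firewall's compressed log over scp with key-only, non-interactive SSH, refuses to talk to a host whose key is not already pinned in known_hosts, and checks the transferred file against a sha256 sidecar written on the firewall side. The firewall host names, the `logcollect` account, the `/var/log/fw` layout, the `fw-YYYYMMDD.log.gz` naming and the `.sha256` sidecar are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the original post. Nightly pull of one
# compressed firewall log per host over scp, then sha256 verification.
# Assumed (not from the thread): host names, the "logcollect" account,
# the /var/log/fw layout, fw-YYYYMMDD.log.gz naming and a .sha256 sidecar
# that the firewall writes next to each rotated archive.

FIREWALLS="${FIREWALLS:-fw1.example.internal fw2.example.internal}"  # assumed
COLLECT_USER="${COLLECT_USER:-logcollect}"      # unprivileged pull-only account
REMOTE_DIR="${REMOTE_DIR:-/var/log/fw}"         # where the firewall rotates logs
LOCAL_DIR="${LOCAL_DIR:-/srv/fwlogs}"           # collector-side archive root
SSH_KEY="${SSH_KEY:-$HOME/.ssh/logcollect_ed25519}"

# log_name YYYYMMDD -> archive file name for that day
log_name() {
    printf 'fw-%s.log.gz\n' "$1"
}

# sha256_of FILE -> hex digest (sha256sum on Linux, shasum on BSD/macOS)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_checksum FILE SIDECAR -> 0 when the digest recorded in SIDECAR
# (first field of "<hex>  <name>") matches FILE; 1 on mismatch or empty sidecar
verify_checksum() {
    expected=$(cut -d' ' -f1 "$2")
    actual=$(sha256_of "$1")
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# fetch_one HOST YYYYMMDD -> pull the archive and its sidecar into
# $LOCAL_DIR/HOST and verify it; nonzero on transfer or checksum failure
fetch_one() {
    host=$1
    name=$(log_name "$2")
    dest="$LOCAL_DIR/$host"
    mkdir -p "$dest"
    # Key auth only, no prompts, and the host key must already be in
    # known_hosts: a changed or unknown key aborts the pull instead of asking.
    scp -i "$SSH_KEY" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        "$COLLECT_USER@$host:$REMOTE_DIR/$name" \
        "$COLLECT_USER@$host:$REMOTE_DIR/$name.sha256" \
        "$dest/" || return 1
    if verify_checksum "$dest/$name" "$dest/$name.sha256"; then
        echo "$host: $name verified"
    else
        echo "$host: checksum mismatch for $name, quarantining" >&2
        mv "$dest/$name" "$dest/$name.BAD"
        return 1
    fi
}

# main [YYYYMMDD] -> pull that day's archive (default: today, UTC) from every
# firewall; exit nonzero if any pull failed so cron reports it
main() {
    day=${1:-$(date -u +%Y%m%d)}
    rc=0
    for host in $FIREWALLS; do
        fetch_one "$host" "$day" || rc=1
    done
    return $rc
}

# Only touch the network when invoked with FWLOG_RUN=1, so the functions can
# be sourced and exercised locally without any firewall reachable.
if [ "${FWLOG_RUN:-0}" = 1 ]; then
    main "$@"
fi
```

Run it from cron as `FWLOG_RUN=1 ./pull_fwlogs.sh`, or pass an explicit day (`FWLOG_RUN=1 ./pull_fwlogs.sh 20000113`) to re-fetch a missed archive. On the firewall side the collector's public key can be placed in the `logcollect` account's `authorized_keys` with a `command="..."` restriction so that key can only serve the log directory, which keeps a compromised collector from getting a shell on the firewalls.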



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:57:51 PDT