syslog, was Re: greetingz

From: dgillettat_private
Date: Fri Aug 10 2001 - 13:53:45 PDT


      I'm probably somewhat perverse in liking to have syslog routed to 
    an NT/2K box.  (I like SL4NT, and I have tools for monitoring / 
    managing the NT event logs....)
      What I've noticed, though, is that most of the syslog-enabled 
    devices I've worked with allow for only a single destination address.
    
      [Yes, there are exceptions:  The Cisco 30xx VPN concentrators 
    (originally Altiga) allow a list, and I've verified that when two 
    addresses are entered they both receive all entries.]
    
      The thing is, standard syslog uses UDP, so if the log server 
    hiccups (or needs a reboot, or whatever), the info is lost.  I'm not 
    sure how far the new syslog-sec proposal goes towards remedying that.
    
      Have people experimented with sending syslog to a broadcast / 
    multicast destination instead of a single host?  Did it work?
    
    David Gillett
    
    
    On 10 Aug 2001, at 11:37, Tina Bird wrote:
    
    > What do you mean by "handle"?  What I usually try to
    > do is to get all my devices to talk syslog -- I'll send
    > a message to this list at some point in the next couple
    > of days summarizing options for getting WinNT and Win2k to
    > talk syslog -- and at that point, any syslog server can
    > accumulate them.  Then you have to figure out what to >do<
    > with the information, of course, but there are also lots
    > of options there.
    > 
    > Would I be correct in assuming, oh list members, that it
    > would be good to have a Web page that included info on 
    > syslog processing apps (like swatch, logcheck, logsurfer)
    > and integration tools for systems without native syslog?
    > I could probably put something together based on the work
    > I've done for my USENIX class...
    > 
    > tbird
    > 
    > On Fri, 10 Aug 2001 Nistor.Lubomir@Star-21.De wrote:
    > 
    > > Date: Fri, 10 Aug 2001 15:03:58 +0200
    > > From: Nistor.Lubomir@Star-21.De
    > > To: loganalysisat_private
    > > Subject: greetingz
    > > 
    > > Hi
    > > 
    > > Just wondering if there is somebody on this list..
    > > 
    > > and to make it acceptable by mailmaster..
    > > here's my question:
    > > 
    > > I'm looking for a log server that can handle eventlog, syslog, logs from
    > > some NEs, ...
    > > 
    > > I found only NFR SLS 
    > > 
    > > anybody got something else?
    > > 
    > > lubo
    > > 
    > > ---------------------------------------------------------------------
    > > To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    > > For additional commands, e-mail: loganalysis-helpat_private
    > > 
    > 
    > VPN:  http://kubarb.phsx.ukans.edu/~tbird/vpn.html
    > life: http://kubarb.phsx.ukans.edu/~tbird
    > work: http://www.counterpane.com
    > 
    > 
    
    
    
    

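The two problems Gillett raises, devices that accept only one syslog destination and UDP delivery that fails silently, can be shown on a single host. The block below is an added example written for this archive page; it is not code from the thread, from SL4NT, or from any product named in it. It is a small UDP syslog fan-out relay: a "device" sends one RFC 3164 style datagram to the relay, the relay copies it to every configured collector, and a second function sends to a port nobody listens on to show that sendto() reports success anyway. All ports are ephemeral loopback ports picked at run time, and the sample message (hostname, PID, user) is constructed, not real log data.

```python
"""Added example: a minimal UDP syslog fan-out relay on loopback.

Constructed for this discussion, not from the thread or any product in it.
It reads BSD-syslog datagrams ("<PRI>message", RFC 3164 framing) on one UDP
socket and forwards a copy to every configured collector, which sidesteps
devices that accept a single syslog destination. It also shows why UDP
syslog loses data silently: sendto() succeeds whether or not anyone listens.
Ports are ephemeral loopback ports chosen at run time; the sample message
is constructed (assumed hostname and PID, not real log data).
"""
import re
import select
import socket

PRI_RE = re.compile(rb"^<(\d{1,3})>")
# Constructed sample datagram: PRI 38 = facility 4 (auth) * 8 + severity 6 (info).
SAMPLE = b"<38>Aug 10 13:53:45 vpn01 sshd[123]: Accepted publickey for dgillett"


def parse_pri(datagram: bytes):
    """Split a datagram into (facility, severity, remainder).

    PRI = facility * 8 + severity, so <38> is facility 4, severity 6.
    Anything without a valid PRI (0-191) is returned unparsed; a real
    syslog daemon would assign it a default priority instead.
    """
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None, None, datagram
    pri = int(m.group(1))
    return pri >> 3, pri & 7, datagram[m.end():]


def fan_out(datagram: bytes, destinations, sock=None):
    """Send one copy of datagram to each (host, port); return copies sent.

    The count only says the kernel accepted each datagram. UDP gives no
    delivery report, which is exactly the loss the discussion describes.
    """
    own = sock is None
    if own:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sent = 0
        for dest in destinations:
            sock.sendto(datagram, dest)
            sent += 1
        return sent
    finally:
        if own:
            sock.close()


def relay_once(listen_sock, destinations, timeout=1.0):
    """Wait for one datagram on listen_sock, fan it out, return its parse."""
    ready, _, _ = select.select([listen_sock], [], [], timeout)
    if not ready:
        return None
    data, _src = listen_sock.recvfrom(65535)
    fan_out(data, destinations)
    return parse_pri(data)


def _loopback_udp():
    """Bind a UDP socket on 127.0.0.1; port 0 lets the kernel pick a free one."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))
    return s


def demo():
    """Relay SAMPLE to two collectors; return (parsed PRI, what each got)."""
    collectors = [_loopback_udp(), _loopback_udp()]
    relay = _loopback_udp()
    try:
        fan_out(SAMPLE, [relay.getsockname()])  # the "device" sends once
        parsed = relay_once(relay, [c.getsockname() for c in collectors])
        received = []
        for c in collectors:
            ready, _, _ = select.select([c], [], [], 1.0)
            received.append(c.recv(65535) if ready else None)
        return parsed, received
    finally:
        for s in collectors + [relay]:
            s.close()


def loss_is_silent():
    """Send to a loopback port with no listener; the send still 'succeeds'."""
    probe = _loopback_udp()
    dead_port = probe.getsockname()[1]
    probe.close()  # nothing listens on dead_port any more
    return fan_out(b"<13>lost message", [("127.0.0.1", dead_port)])


if __name__ == "__main__":
    print(demo())
    print("copies accepted by kernel with no listener:", loss_is_silent())
```

The relay itself is just as lossy as the devices feeding it: if it is rebooted, whatever arrives in the meantime is gone, and fan_out() will keep returning a happy count while a collector is down. It solves the single-destination limitation, not the transport one; only an acknowledged transport (syslog over TCP, or over TLS as later standardised in RFC 5425) lets the sender notice that a collector has stopped taking messages.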


    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 15:06:48 PDT