For years, I've used the idea of a central syslog host that all our unix machines use so that the logs were consolidated in one location and less able to be changed in case of a host compromise.

Recently, the log traffic from our firewall (linux running ipchains) has been so heavy that the syslog server has been losing data. I've thought about multiple servers, a larger central server (though is this just delaying the problem for awhile again?), logging high volume servers to local disk (but then how to avoid log compromises if hacked?), alternative to syslog (I'm just running standard linux syslog), etc...

I'm wondering how others configure their syslogging "enterprise-wide" to avoid this problem?

--
Marlys A. Nelson
Sr. Network Specialist
Information Technology Services
Network Services
University of Wisconsin - River Falls
410 South Third Street
Email: Marlys.A.Nelsonat_private
River Falls WI 54022
http://www.uwrf.edu/
This archive was generated by hypermail 2b30 : Sun Aug 12 2001 - 07:54:36 PDT