Hi,

We've deployed a centralized syslog solution based on cfengine. In our deployment, cfengine + SSL + TCPwrapper is used to encrypt communication between the centralized log server and multiple syslog servers. Authentication is done via a shared key. Multiple syslog servers collect syslog from other machines. Logs are further collected from the syslog servers to the centralized server on a daily basis.

We have snort running on individual servers. We also have a number of customized scripts scheduled to run on the centralized log servers to scan the logs to detect daemons run, rejected connections, security violations, intrusion attempts, etc. These daily reports are sent to the security admin for manual inspection.

The solution makes use of multiple freeware packages including:

- cfengine
- SSLeay
- TCPwrapper
- snort
- chksyslog
- logchecker
- a bunch of custom perl and shell scripts

One can add swatch for realtime alert and Winsyslog for Windows support.

Michael
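As an added example, not Michael's scripts (which are not shown): a POSIX shell sketch of the kind of daily scan described above, counting TCP wrapper rejections and sshd password failures over constructed sample syslog lines and flagging sources over a threshold. The log line formats, the threshold of 2 and the hostnames/addresses are assumptions.

```shell
#!/bin/sh
# Added example, not Michael's scripts: summarise TCP wrapper rejections and
# sshd authentication failures from one day's syslog for the daily report.

# Constructed sample lines in the format tcpd and sshd write to syslog.
SAMPLE_LOG='Aug 11 03:14:07 web1 sshd[2043]: refused connect from 192.0.2.10
Aug 11 03:14:09 web1 sshd[2044]: refused connect from 192.0.2.10
Aug 11 03:20:11 web1 in.telnetd[2051]: refused connect from 198.51.100.7
Aug 11 04:02:33 web1 sshd[2102]: Failed password for root from 192.0.2.10 port 4022 ssh2
Aug 11 04:02:40 web1 sshd[2102]: Failed password for invalid user admin from 203.0.113.5 port 4023 ssh2
Aug 11 05:00:01 web1 CRON[2200]: (root) CMD (run-parts /etc/cron.hourly)'

# count_refused FILE: connections rejected by TCP wrappers, as "count host",
# most frequent source first.
count_refused() {
    grep 'refused connect from' "$1" \
        | sed 's/.*refused connect from \([^ ]*\).*/\1/' \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# count_failed_pw FILE: sshd "Failed password" lines, as "count host".
count_failed_pw() {
    grep 'sshd\[[0-9]*\]: Failed password' "$1" \
        | sed 's/.* from \([^ ]*\) port .*/\1/' \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# hosts_over_threshold FILE N: sources with at least N rejections, the ones
# the report flags for the security admin rather than just listing.
hosts_over_threshold() {
    count_refused "$1" | awk -v n="$2" '$1 >= n { print $2 }'
}

# daily_report FILE: the plain-text report that would be mailed.
daily_report() {
    echo "== TCP wrapper rejections (count source) =="
    count_refused "$1"
    echo "== sshd failed passwords (count source) =="
    count_failed_pw "$1"
    echo "== sources with 2 or more rejections =="
    hosts_over_threshold "$1" 2
}

# Write the constructed sample to a temporary file and run the report on it.
LOGFILE=$(mktemp)
printf '%s\n' "$SAMPLE_LOG" > "$LOGFILE"
daily_report "$LOGFILE"
```

On a real deployment the file argument would be the day's collected syslog on the central server, and the report output piped to mail.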
This archive was generated by hypermail 2b30 : Sun Aug 12 2001 - 12:54:49 PDT