Re: [loganalysis] Re: Central syslog server best practices?

From: Tina Bird (tbird@precision-guesswork.com)
Date: Mon Aug 13 2001 - 13:07:27 PDT

Next message: Brian Ford: "Re: [loganalysis] Re: Central syslog server best practices?"

Previous message: Mike Hogsett: "Re: [loganalysis] Cisco ICMP logs"
In reply to: Ron Russell: "[loganalysis] Re: Central syslog server best practices?"
Next in thread: arkat_private: "Re: [loganalysis] Re: Central syslog server best practices?"
Next in thread: Mike Hoskins: "Re: [loganalysis] Re: Central syslog server best practices?"
Next in thread: Andreas Östling: "Re: Central syslog server best practices?"
Reply: arkat_private: "Re: [loganalysis] Re: Central syslog server best practices?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is a great idea.  Please send me contributions, and I'll
try to get it together over the next couple of weeks.

I am tgeaching the Log Analysis class at USENIX tomorrow,
and Wednesday/Thursday I'll try to send the summary e-mails
about Windows syslog tools and summaries of third party apps.

cheers -- tbird

On Mon, 13 Aug 2001, Ron Russell wrote:

> Date: Mon, 13 Aug 2001 08:18:24 -0700
> From: Ron Russell <ronat_private>
> To: loganalysisat_private, Katsuhiro Kondou <kondouat_private>
> Subject: [loganalysis] Re: Central syslog server best practices?
> 
> You know, as I sift through these and determine which ones I should keep and
> which I should delete, the thought occurred to me that now would be a
> wonderful time to create a quick and dirty FAQ and post it here every 2
> weeks or so.  Just to keep us from having to answer common questions such as
> "what do you use for syslogging?" and "anyone have any good packages that
> run on NT?"
> 
> Just my .02 Cents
> Ron Russell
> ----- Original Message -----
> From: "Katsuhiro Kondou" <kondouat_private>
> To: <loganalysisat_private>
> Sent: Sunday, August 12, 2001 8:37 AM
> Subject: Re: Central syslog server best practices?
> 
> 
> > In article <3B74F5B5.9D071D2Dat_private>,
> > Marlys A Nelson <marlys.a.nelsonat_private> wrote;
> >
> > } able to be changed in case of a host compromise. Recently, the log
> > } traffic from our firewall (linux running ipchains) has been so heavy
> > } that the syslog server has been losing data.
> >
> > Doesn't syslog thru tcp help?  It's possible with
> > syslog-ng, though I've never used.
> > --
> > Katsuhiro Kondou
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: loganalysis-unsubscribeat_private
> > For additional commands, e-mail: loganalysis-helpat_private
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: loganalysis-unsubscribeat_private
> For additional commands, e-mail: loganalysis-helpat_private
> 

VPN:  http://kubarb.phsx.ukans.edu/~tbird/vpn.html
life: http://kubarb.phsx.ukans.edu/~tbird
work: http://www.counterpane.com


---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

Next message: Brian Ford: "Re: [loganalysis] Re: Central syslog server best practices?"
Previous message: Mike Hogsett: "Re: [loganalysis] Cisco ICMP logs"
In reply to: Ron Russell: "[loganalysis] Re: Central syslog server best practices?"
Next in thread: arkat_private: "Re: [loganalysis] Re: Central syslog server best practices?"
Next in thread: Mike Hoskins: "Re: [loganalysis] Re: Central syslog server best practices?"
Next in thread: Andreas Östling: "Re: Central syslog server best practices?"
Reply: arkat_private: "Re: [loganalysis] Re: Central syslog server best practices?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 14 2001 - 14:29:04 PDT