Re: [loganalysis] Central Syslog Server, Actual Best Choice ?

From: Matt Bing (mbingat_private)
Date: Thu Aug 16 2001 - 12:32:30 PDT

    Eric Vanborren said:
    > Which one "Central Syslog Server" (OpenSource on Solaris) should I
    > install ?
    >   - msyslog
    >   - syslog-ng
    >   - anything else ?
    >      - Does anything exist such as "log Viewer" of checkPoint FW1 ?
    
    You also might want to look at Darren Reed's nsyslog:
    
    http://cheops.anu.edu.au/~avalon/nsyslog.html
    
    Beyond vanilla syslogd, it includes support for:
    
    - transport over TCP (and SSL)
    - regex filtering
    - log hash chaining (a big win for the paranoid)
    - maintains priority when writing logs
    
    I've had nothing but positive experiences using it in production.
    
    -- 
    Matt Bing
    NFR Security
    Rapid Response Team
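
An added illustration of the "log hash chaining" feature named in the list above. It is not part of the original post and is not nsyslog's code or on-disk format; the record layout, the SHA-256 choice, the function names and the sample lines are all assumptions made for the example. Each record's digest covers the previous record's digest, so an edit or deletion breaks every later link, and a digest stored off the log host catches truncation and full re-sealing.

```python
import hashlib

GENESIS = "0" * 64  # constructed start value for the chain (assumption)

def link(prev_digest: str, line: str) -> str:
    """Digest of one record: covers the line and the previous record's digest."""
    return hashlib.sha256(f"{prev_digest}\n{line}".encode("utf-8")).hexdigest()

def seal(lines):
    """Turn plain log lines into '<digest> <line>' records."""
    records, prev = [], GENESIS
    for line in lines:
        prev = link(prev, line)
        records.append(f"{prev} {line}")
    return records

def verify(records, anchor=None):
    """Return None if intact, else the index where verification fails.

    An index < len(records) means that record was edited, inserted, or lost
    its predecessor. len(records) means the chain is self-consistent but its
    last digest differs from `anchor`, a digest kept off the log host:
    the tail was truncated or the whole file was re-sealed.
    """
    prev = GENESIS
    for i, record in enumerate(records):
        digest, _, line = record.partition(" ")
        if digest != link(prev, line):
            return i
        prev = digest
    if anchor is not None and prev != anchor:
        return len(records)
    return None

# Constructed sample lines, not taken from any real host.
SAMPLE = [
    "Aug 16 12:30:01 gw sshd[411]: Accepted password for root from 10.0.0.5",
    "Aug 16 12:30:09 gw su: 'su root' succeeded for admin on /dev/pts/1",
    "Aug 16 12:31:44 gw sshd[411]: session closed for user root",
]

if __name__ == "__main__":
    sealed = seal(SAMPLE)
    anchor = sealed[-1].split(" ", 1)[0]
    print(verify(sealed, anchor))                 # intact chain
    print(verify(sealed[:1] + sealed[2:]))        # middle record deleted
    print(verify(sealed[:2], anchor))             # tail truncated
```

Without the off-host anchor, an unkeyed chain only detects partial tampering: anyone who can rewrite the whole file can recompute every digest.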
    



    This archive was generated by hypermail 2b30 : Thu Aug 16 2001 - 12:35:25 PDT