Hi all --

One of the things specifically mentioned in the List Charter is that I want to build a list of devices that speak syslog, as well as documentation on how to configure them. I'm working on the list Web site this week. Intended content includes:

- links to specifications & standards, proposed and otherwise
- syslog replacements (like syslog-ng)
- how to build a central loghost
- parsing tools (logsurfer, swatch, checksyslog, and a host of others)
- syslog configurations for everything that speaks syslog natively
- third party applications and configs for stuff that can be persuaded to speak syslog
- sample log data, interpretations, sample configs for parsing tools, etc. for attacks both old and new

--> in other words, a repository for all things syslog.

One of my primary goals is to build a sample config for swatch and logsurfer that contains a reasonable set of attack signatures. I know this is fraught with danger -- everyone's network is different, everyone's got different threat models -- but at the moment, the only security related signatures that a newbie can find include things like failed logins. Not buffer overflows.

A lot of this I've already got documented as part of my class, and a lot of additional information will come from the list archives. We'll also need to be working on an FAQ.

If you want to take a look at a model for this, check out the VPN site at http://kubarb.phsx.ukans.edu/~tbird/vpn.html.

In the long term, the site will be hosted at Counterpane and mirrored at lots of other places. In the short term, I'll probably do the development on the server mentioned above -- I'll send out temporary links when I've got something together.

So >please< continue to send sample data, lists of syslog capable devices, and configurations, to the list -- that way people will get the maximum use out of it quickly.

tbird

On Mon, 20 Aug 2001, Rainer Gerhards wrote:

> Date: Mon, 20 Aug 2001 19:05:43 +0200
> From: Rainer Gerhards <rgerhardsat_private>
> To: loganalysisat_private
> Subject: [loganalysis] Syslog enabled devices
>
> Dear List,
>
> I hope this isn't too off-topic. I noticed that this list could be a good
> place to ask my question....
>
> Some time ago, I tried to start a database of syslog enabled devices. It
> should hold which devices are capable of syslog reporting and how to
> configure syslog support inside them. Unfortunately, I realised very quickly
> that the information is hard to come by. I emailed many vendors but got ....
> well, discouraging answers (at most - if you count no answers as
> discouraging, the number skyrockets ;-).
>
> Maybe the people in this list would like to share this information with me.
> If you could spice it up with some data of the log format, it could be even
> more useful. I started a very bare prototype of this database at
>
> http://www.winsyslog.com/en/syslog-enabled-products/
>
> please be warned ;-) We are a vendor of a Windows based syslog daemon and
> the link is off the product site. I hope you'll forgive me for this.
>
> I suspect that the list owner prefers if anyone interested emails me
> privately at rgerhardsat_private .
>
> I appreciate any and all help I can get on this issue.
>
> Many thanks and best regards,
> Rainer Gerhards
> Adiscon
>

VPN: http://kubarb.phsx.ukans.edu/~tbird/vpn.html
life: http://kubarb.phsx.ukans.edu/~tbird
work: http://www.counterpane.com

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private
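The message above asks for a starter rule set for swatch/logsurfer that goes beyond "failed login". As an added illustration of what such a rule set does (this is not code from tbird, the list, swatch or logsurfer), the script below parses classic BSD-style syslog lines, runs a small table of regex signatures over the message text, counts repeated failed logins per source the way a swatch "throttle" rule would, and flags any message carrying an oversized single field, which is the kind of generic indicator rule sets use for a possible buffer-overflow attempt. The log lines are constructed for the example, and the 128-byte field limit and the threshold of 3 failures are illustrative choices, not values from the page.

```python
"""Minimal swatch/logsurfer-style signature matcher for syslog lines.
Added example; sample data and thresholds are constructed, not from the list."""
import re
from collections import Counter

# Constructed sample log: three failed root/admin logins from one source, one
# normal login, a cron entry, one oversized USER field, and one malformed line
# from a device that does not emit proper syslog.
SAMPLE_LOG = "\n".join([
    "Aug 20 19:05:43 gw sshd[1021]: Failed password for root from 192.0.2.17 port 40112 ssh2",
    "Aug 20 19:05:44 gw sshd[1021]: Failed password for root from 192.0.2.17 port 40113 ssh2",
    "Aug 20 19:05:45 gw sshd[1021]: Failed password for admin from 192.0.2.17 port 40114 ssh2",
    "Aug 20 19:05:46 gw sshd[1024]: Accepted password for tbird from 198.51.100.5 port 40120 ssh2",
    "Aug 20 19:06:01 gw cron[1030]: (root) CMD (run-parts /etc/cron.hourly)",
    "Aug 20 19:06:10 gw in.ftpd[1042]: USER " + "A" * 300,
    "garbage line from a device that does not speak syslog properly",
])

# BSD syslog layout: "Mmm dd hh:mm:ss host prog[pid]: message" (assumed format).
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

# Signature table: (rule name, regex applied to the message part).
RULES = [
    ("failed_login", re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")),
    ("root_login_ok", re.compile(r"Accepted \S+ for root from (?P<src>\S+)")),
]
MAX_FIELD_LEN = 128          # illustrative: longest single token we consider sane
FAILED_LOGIN_THRESHOLD = 3   # illustrative: failures per source before escalating


def parse_line(line):
    """Return a dict of syslog fields, or None if the line is not syslog-shaped."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def classify(rec):
    """Apply every rule to one parsed record; return a list of (rule, fields)."""
    hits = []
    for name, rx in RULES:
        m = rx.search(rec["msg"])
        if m:
            hits.append((name, m.groupdict()))
    # Generic indicator: a single whitespace-delimited field far longer than any
    # legitimate value, the usual shape of an overflow attempt in a daemon log.
    if any(len(tok) > MAX_FIELD_LEN for tok in rec["msg"].split()):
        hits.append(("oversized_field", {"prog": rec["prog"]}))
    return hits


def scan(text):
    """Scan a block of log text; return alerts plus the count of unparsed lines."""
    alerts = []
    failed_by_src = Counter()
    unparsed = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # worth counting: silent drops hide attacks
            continue
        for name, fields in classify(rec):
            alerts.append((name, rec["host"], rec["prog"], fields))
            if name == "failed_login":
                failed_by_src[fields["src"]] += 1
    # Throttle-style escalation: many failures from one source is its own alert.
    for src, n in failed_by_src.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            alerts.append(("repeated_failed_login", None, None, {"src": src, "count": n}))
    return {"alerts": alerts, "unparsed": unparsed}


if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for alert in result["alerts"]:
        print(alert)
    print("unparsed lines:", result["unparsed"])
```

Running it on the constructed sample yields three `failed_login` alerts, one `oversized_field` alert for `in.ftpd`, one `repeated_failed_login` escalation for 192.0.2.17, and one unparsed line; the unparsed counter is the check a loghost operator wants, since a device whose format the parser does not understand is otherwise invisible.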
This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 10:43:22 PDT