On Fri, 14 Dec 2001, Mike Blomgren wrote:

> ...the receiving syslogd host is a Win2k (something I'd like to
> change...). However, Win2k doesn't handle syslog by default. So, my
> question is really: which syslog daemon for Win 2k would you suggest, and
> why?

I don't really have any recommendations one way or the other, unless
you're looking for some specific functionality.

> Another concern is security. The syslog will contain sensitive
> information, and we need to be certain that the syslog contains correct
> information, and is not tampered with.

Keep in mind that syslog traffic is UDP and subject to message injection
over the network. You'll need a secondary mechanism to back up your syslog
data (local copies, proper staggered rotation, periodic sigs, etc.)

> Also, to perform the logging, the syslog has to pass a firewall situated
> between the webservers and the syslogd host. Security implications?

As above, message injection is a concern. Also keep in mind that it could
be possible to flood the firewall with bogus data, causing it to drop valid
syslog messages.

--Rebecca Kastl
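The "periodic sigs" idea mentioned in the reply above, as an added example that is not part of the original post: each block of log lines gets an HMAC checkpoint chained to the previous one, so an injected, altered or removed line is located to a segment. The key, the interval, the function names and the sample log lines are all constructed for illustration, and the sketch assumes the key and the checkpoint tags are kept somewhere other than the log host.

```python
import hashlib
import hmac

ZERO_TAG = b"\x00" * 32  # starting value for the checkpoint chain


def checkpoint(key: bytes, prev_tag: bytes, lines: list[str]) -> bytes:
    """HMAC-SHA256 over the previous tag plus each length-prefixed line."""
    mac = hmac.new(key, prev_tag, hashlib.sha256)
    for line in lines:
        data = line.encode("utf-8")
        # The length prefix stops two lines being merged or split unnoticed.
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.digest()


def sign_log(key: bytes, lines: list[str], interval: int) -> list[bytes]:
    """Produce one chained checkpoint tag per `interval` lines."""
    tags, prev = [], ZERO_TAG
    for start in range(0, len(lines), interval):
        prev = checkpoint(key, prev, lines[start:start + interval])
        tags.append(prev)
    return tags


def first_bad_segment(key, lines, interval, tags):
    """Return the index of the first segment that fails, or None if all verify."""
    prev = ZERO_TAG
    segments = -(-len(lines) // interval)  # ceiling division
    for i in range(max(segments, len(tags))):
        seg = lines[i * interval:(i + 1) * interval]
        if i >= len(tags) or not seg:
            return i  # lines without a tag, or a tag whose lines are gone
        expected = checkpoint(key, prev, seg)
        if not hmac.compare_digest(expected, tags[i]):
            return i
        prev = expected
    return None


# Constructed sample data, not taken from any real system.
DEMO_KEY = b"constructed-demo-key"
DEMO_LOG = [
    "Dec 14 10:00:01 web1 httpd: GET /index.html 200",
    "Dec 14 10:00:02 web1 httpd: GET /login 200",
    "Dec 14 10:00:05 web1 httpd: POST /login 302",
    "Dec 14 10:00:09 web2 httpd: GET /admin 403",
    "Dec 14 10:00:11 web2 httpd: GET /index.html 200",
    "Dec 14 10:00:15 web1 httpd: GET /logout 200",
]
DEMO_TAGS = sign_log(DEMO_KEY, DEMO_LOG, interval=3)
```

The checkpoints only show that the stored file changed after signing; a forged UDP message that arrives before the checkpoint is taken is signed along with everything else.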
This archive was generated by hypermail 2b30 : Sun Dec 16 2001 - 15:36:15 PST