RE: [logs] syslog & Win2k?

From: Jason Lewis (jlewisat_private)
Date: Sun Dec 16 2001 - 14:39:08 PST

  • Next message: King, Arron S.: "RE: [logs] syslog & Win2k?"

    Kiwi makes a windows syslog server.  http://www.kiwi-enterprises.com/
    
    My experience with it on 2000 was good.  I don't think there is an issue
    with the number of servers you have.
    
    Jason Lewis
    http://www.packetnexus.com
    It's not secure "Because they told me it was secure".
    The people at the other end of the link know less
    about security than you do. And that's scary.
    
    
    
    -----Original Message-----
    From: Mike Blomgren [mailto:mike.blomgrenat_private]
    Sent: Friday, December 14, 2001 8:57 AM
    To: loganalysisat_private
    Subject: [logs] syslog & Win2k?
    
    
    I'm interested in hearing some 'real world' experience with running a
    syslog daemon on Win2k, and would like to hear your opinions.
    
    We're a 'mixed' OS shop, with *nix and MS plattforms. We need to have
    the syslog from several (8-10) production webbservers, log to a
    dedicated syslogd host. For political reasons, the receiving syslogd
    host is a Win2k (something I'd like to change...). However, Win2k
    doesn't handle syslog by default. So, my questions is really; which
    syslog daemon for Win 2k would you suggest, and why?
    
    Another concern is security. The syslog will contain sensitive
    information, and we need to be certain that the sylog contains correct
    information, and is not tampered with. Also, to perform the logging, the
    syslog has to pass a firewall situated between the webservers and the
    syslod host. Security implications? Should we trust syslogd, or would
    you recommand nsyslogd, or the such?...
    
    I realise this is a lot to ask for, but I'd really appreciate some
    real-world experience. I know there are a lot of logical and practical
    issues in the above scenario, such as issues of stability, authenticity,
    availability, analysis of the syslog info, etc, etc...
    
    TIA
    
    Regards,
    
    ~Mike
    
    
    
    Mike Blomgren
    CCNOX Security Management & Technology AB
    Box 5227
    102 45  STOCKHOLM
    
    www.ccnox.com
    _____________________________________________________________
    The information included in this e-mail is intended only for the
    person or entity to which it is addressed. Any use of this
    information by persons or entities other than the intended
    recipient is prohibited. If you receive this transmission in
    error, please delete this email and destroy any copies of it.
    
    Any opinions expressed in this email are those of the individual
    and not necessarily those of the company CCNOX.
    
    
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private
    
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private
    



    This archive was generated by hypermail 2b30 : Sun Dec 16 2001 - 15:46:33 PST