We use WinSyslog by Adiscon Software AG (Germany). We have it running on two Windows 2000 machines, collecting syslog from several Cisco and NetScreen firewalls. We've used it for about a year on both NT 4 and W2K. It's never crashed, and doesn't load the system very heavily. It's not free, but it's not very expensive either (under $100 US). I recommend it.

John H. Campbell
Information Security Engineer
Washington School Information Processing Coop
jcampbellat_private

-----Original Message-----
From: Mike Blomgren [mailto:mike.blomgrenat_private]
Sent: Friday, December 14, 2001 5:57 AM
To: loganalysisat_private
Subject: [logs] syslog & Win2k?

I'm interested in hearing some 'real world' experience with running a syslog daemon on Win2k, and would like to hear your opinions.

We're a 'mixed' OS shop, with *nix and MS platforms. We need to have the syslog from several (8-10) production web servers log to a dedicated syslogd host. For political reasons, the receiving syslogd host is a Win2k (something I'd like to change...). However, Win2k doesn't handle syslog by default.

So, my question is really: which syslog daemon for Win 2k would you suggest, and why?

Another concern is security. The syslog will contain sensitive information, and we need to be certain that the syslog contains correct information, and is not tampered with. Also, to perform the logging, the syslog has to pass a firewall situated between the web servers and the syslogd host. Security implications? Should we trust syslogd, or would you recommend nsyslogd, or the such?...

I realise this is a lot to ask for, but I'd really appreciate some real-world experience. I know there are a lot of logical and practical issues in the above scenario, such as issues of stability, authenticity, availability, analysis of the syslog info, etc, etc...

TIA

Regards,
~Mike

Mike Blomgren
CCNOX Security Management & Technology AB
Box 5227
102 45 STOCKHOLM
www.ccnox.com

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

This archive was generated by hypermail 2b30 : Mon Dec 17 2001 - 15:00:21 PST