RE: [logs] syslog & Win2k?

From: Mike Blomgren (mike.blomgrenat_private)
Date: Tue Dec 18 2001 - 05:28:11 PST

    Many thanks to all who responded on and off-list regarding Win2k &
    syslogd. I received very helpful information and valuable experience,
    from the 'real world'. My main concern was that stability and
    performance might be a problem, but that doesn't seem to be the case.
    
    Thanks, and have a Merry Christmas.
    
    ~Mike
    
    
    > -----Original Message-----
    > From: John Campbell [mailto:jcampbellat_private] 
    > Sent: den 17 december 2001 23:29
    > To: 'Mike Blomgren'; loganalysisat_private
    > Subject: RE: [logs] syslog & Win2k?
    > 
    > 
    > We use WinSyslog by Adiscon Software AG (Germany.)  We have 
    > it running on two Windows 2000 machines, collecting syslog 
    > from several Cisco and NetScreen firewalls.  We've used it 
    > for about a year on both NT 4 and W2K. It's never crashed, 
    > and doesn't load the system very heavily.  It's not free, but 
    > it's not very expensive either (under $100 US.)  I recommend it.
    > 
    > John H. Campbell
    > Information Security Engineer
    > Washington School Information Processing Coop jcampbellat_private
    > 
    > -----Original Message-----
    > From: Mike Blomgren [mailto:mike.blomgrenat_private] 
    > Sent: Friday, December 14, 2001 5:57 AM
    > To: loganalysisat_private
    > Subject: [logs] syslog & Win2k?
    > 
    > I'm interested in hearing some 'real world' experience with 
    > running a syslog daemon on Win2k, and would like to hear your 
    > opinions.
    > 
    > We're a 'mixed' OS shop, with *nix and MS platforms. We need 
    > to have the syslog from several (8-10) production 
    > webservers, log to a dedicated syslogd host. For political 
    > reasons, the receiving syslogd host is a Win2k (something I'd 
    > like to change...). However, Win2k doesn't handle syslog by 
    > default. So, my question is really: which syslog daemon for 
    > Win 2k would you suggest, and why?
    > 
    > Another concern is security. The syslog will contain 
    > sensitive information, and we need to be certain that the 
    > syslog contains correct information, and is not tampered with. 
    > Also, to perform the logging, the syslog has to pass a 
    > firewall situated between the webservers and the syslogd host. 
    > Security implications? Should we trust syslogd, or would you 
    > recommend nsyslogd, or the such?...
    > 
    > I realise this is a lot to ask for, but I'd really appreciate 
    > some real-world experience. I know there are a lot of logical 
    > and practical issues in the above scenario, such as issues of 
    > stability, authenticity, availability, analysis of the syslog 
    > info, etc, etc...
    > 
    > TIA
    > 
    > Regards,
    > 
    > ~Mike
    > 
    > 
    > 
    > Mike Blomgren
    > CCNOX Security Management & Technology AB 
    > Box 5227 
    > 102 45  STOCKHOLM
    > 
    www.ccnox.com
    _____________________________________________________________ 
    The information included in this e-mail is intended only for the 
    person or entity to which it is addressed. Any use of this 
    information by persons or entities other than the intended 
    recipient is prohibited. If you receive this transmission in 
    error, please delete this email and destroy any copies of it. 
    
    Any opinions expressed in this email are those of the individual 
    and not necessarily those of the company CCNOX. 
    
    
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private
    
    
    



    This archive was generated by hypermail 2b30 : Tue Dec 18 2001 - 11:03:41 PST