Re: [logs] Problems/Questions on PEO

From: Sweth Chandramouli (loganalysisat_private)
Date: Mon Apr 01 2002 - 14:16:28 PST

  • Next message: Sweth Chandramouli: "Re: [logs] Problems/Questions on PEO"

    On Mon, Apr 01, 2002 at 12:12:11PM -0800, Devin Kowatch wrote:
    > You are right here, I was assuming (without realizing it) that the
    > machine A would be generating the hash, and sending it to the log server L.  
    > And that L would not be keeping it's own hash.  There are still
    > problems when the machine that is attacked is not logging to a remote
    > log server (as in the case of the central log server).
    	Well, yes; that's why you have everything log to a pair
    of independent loghosts that don't have any trust relationship with
    each other but that also log local info to each other and that burn
    their data to WORM media in near-real-time.  (Then you go looking for
    another job because you just got fired for blowing the entire IT budget
    on log infrastructure.  :) )
    
    	-- Sweth.
    
    -- 
    Sweth Chandramouli      Idiopathic Systems Consulting
    svcat_private      http://www.idiopathic.net/
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private
    



    This archive was generated by hypermail 2b30 : Mon Apr 01 2002 - 14:31:41 PST