Re: [logs] Secure Central Log Host

From: Tom Perrine (tepat_private)
Date: Wed Dec 04 2002 - 17:48:54 PST

  • Next message: Florin Andrei: "[logs] reinventing syslog [was: Secure Central Log Host]"

    >>>>> On Wed, 4 Dec 2002 23:00:40 +0100, "Tevfik Karagulle" <tevfikat_private> said:
    
        TK> Hi,
        TK> Wouldn't it be enough to configure your central log host as an NTP server
        TK> for machines generating syslogs or other logs ?
    
    Well, NTP is probably the right answer, but I don't think that the log
    server is the right place to put a low-stratum NTP server.
    
    Time service needs to be viewed as just one more critical service that
    is relied upon for security and auditing.
    
    We rolled out NTP way back when for Kerberos and NFS services.  Having
    time-synced logs on the various independent boxes while we built the
    central log infrastructure was really helpful.
    
    NTP is the right answer, and your log services should use it, but you
    may want one or more dedicated NTP servers, depending on whether you
    use your own real clock or someone else's.
    
    --tep
    
    -- 
    Tom E. Perrine <tepat_private> | San Diego Supercomputer Center 
    http://www.sdsc.edu/~tep/     | 
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    



    This archive was generated by hypermail 2b30 : Wed Dec 04 2002 - 19:19:15 PST