What with the desire for real-time alerts, how are people bringing those logs in? Typically it's not considered a good idea to allow arbitrary incoming UDP packets from a DMZ to a LAN; similarly, people don't feel happy putting the central syslog server out in the DMZ, so how do you put those two limiting factors together? You can rsync/whatever the data in, but it won't be merged into your central logs, so no real-time alerts, etc...

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
This archive was generated by hypermail 2b30 : Mon Jan 20 2003 - 09:45:41 PST