[logs] How are people bringing DMZ syslog msgs into the central server?

From: Jason Haar (Jason.Haarat_private)
Date: Sun Jan 19 2003 - 17:04:49 PST

    What with the desire for real-time alerts, how are people bringing those
    logs in?

    Typically it's not considered a good idea to allow arbitrary incoming UDP
    packets from a DMZ to a LAN; similarly, people don't feel happy putting the
    central syslog server out in the DMZ, so how do you put those two limiting
    factors together?

    You can rsync/whatever the data in, but it won't be merged into your central
    logs, so no real-time alerts, etc...

    Jason Haar
    Information Security Manager, Trimble Navigation Ltd.
    Phone: +64 3 9635 377 Fax: +64 3 9635 417
    PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
    LogAnalysis mailing list
