Hi Jason,

We are using syslog-ng and stunnel to accomplish this. We pump everything from the client over a secure tunnel into our syslog server.

HTH,
Harry

Quoting Jason Haar <Jason.Haarat_private>:

> What with the desire for real-time alerts, how are people bringing those
> logs in?
>
> Typically it's not considered a good idea to allow arbitrary incoming UDP
> packets from a DMZ to a LAN, similarly, people don't feel happy putting the
> central syslog server out in the DMZ, so how do you put those two limiting
> factors together?
>
> You can rsync/whatever the data in, but it won't be merged into your central
> logs, so no real-time alerts, etc...
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysisat_private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
>

--
Harry Hoffman
ITSS Systems Team Leader
University of Auckland
hhoffmanat_private
hhoffman@ip-solutions.net

STANDARD DISCLAIMER:
**********************************************
*This universe shipped by weight, not volume.*
*Some expansion may have occurred in shipping.*
**********************************************
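
A sketch of the syslog-ng plus stunnel arrangement described in the reply above, added here as an example and not taken from the poster's own configuration. Host names, ports and file paths are assumptions; the option names follow stunnel 4+ configuration files and syslog-ng's classic syntax.

```conf
# ---- DMZ client: /etc/syslog-ng/syslog-ng.conf (path assumed) ----
# Send local logs to the stunnel listener on loopback over TCP,
# so nothing leaves the host in clear text or over UDP.
source s_local { unix-stream("/dev/log"); internal(); };
destination d_tunnel { tcp("127.0.0.1" port(5140)); };
log { source(s_local); destination(d_tunnel); };

# ---- DMZ client: /etc/stunnel/stunnel.conf (path assumed) ----
# Wrap the loopback TCP stream in TLS and forward it to the log server.
client = yes
cert = /etc/stunnel/dmzhost.pem      ; client certificate and key (assumed path)
CAfile = /etc/stunnel/ca.pem         ; CA that signed the server certificate
verify = 2                           ; refuse a server whose cert does not verify

[syslog]
accept = 127.0.0.1:5140
connect = loghost.example.net:5141   ; placeholder host name and port

# ---- LAN log server: /etc/stunnel/stunnel.conf (path assumed) ----
# Terminate TLS and hand the plain stream to syslog-ng on loopback only.
cert = /etc/stunnel/loghost.pem
CAfile = /etc/stunnel/ca.pem
verify = 2                           ; require a valid client certificate

[syslog]
accept = 5141
connect = 127.0.0.1:5140

# ---- LAN log server: /etc/syslog-ng/syslog-ng.conf (path assumed) ----
# Listen only on loopback; stunnel is the sole network-facing listener.
source s_tunnel { tcp(ip("127.0.0.1") port(5140) max-connections(50)); };
destination d_dmz { file("/var/log/dmz/$HOST/messages" create_dirs(yes)); };
log { source(s_tunnel); destination(d_dmz); };
```

With this layout the firewall needs a single rule, TCP 5141 from the DMZ host to the log server, and both ends authenticate by certificate, which replaces the arbitrary inbound UDP the question is concerned about.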
This archive was generated by hypermail 2b30 : Mon Jan 20 2003 - 14:25:45 PST