Re: [logs] How are people bringing DMZ syslog msgs into the central server?

From: Harry Hoffman (
Date: Mon Jan 20 2003 - 12:01:33 PST

  • Next message: Mikael Olsson: "Re: [logs] How are people bringing DMZ syslog msgs into the central server?"

    Hi Jason,
      We are using syslog-ng and stunnel to accomplish this. We pump everything from
    the client over a secure tunnel into our syslog server.
    Quoting Jason Haar <Jason.Haarat_private>:
    *> What with the desire for real-time alerts, how are people bringing those
    *> logs in?
    *> Typically it's not considered a good idea to allow arbitrary incoming UDP
    *> packets from a DMZ to a LAN, similarly, people don't feel happy putting the
    *> central syslog server out in the DMZ, so how do you put those two limiting
    *> factors together?
    *> You can rsync/whatever the data in, but it won't be merged into your central
    *> logs, so no real-time alerts, etc...
    *> --
    *> Cheers
    *> Jason Haar
    *> Information Security Manager, Trimble Navigation Ltd.
    *> Phone: +64 3 9635 377 Fax: +64 3 9635 417
    *> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
    *> _______________________________________________
    *> LogAnalysis mailing list
    *> LogAnalysisat_private
    Harry Hoffman
    ITSS Systems Team Leader
    University of Auckland
    *This universe shipped by weight, not volume.*
    *Some expansion may have occured in shipping.*
    This mail sent through IMP:
    LogAnalysis mailing list

    This archive was generated by hypermail 2b30 : Mon Jan 20 2003 - 14:25:45 PST