Re: [logs] How are people bringing DMZ syslog msgs into the central server?

From: Paul D. Robertson (probertsat_private)
Date: Mon Jan 20 2003 - 15:15:42 PST

  • Next message: Eric Fitzgerald: "RE: [logs] RE: NT Event Log and Web Server Attacks"

    On Mon, 20 Jan 2003, Jason Haar wrote:
    > What with the desire for real-time alerts, how are people bringing those
    > logs in?
    Most of the stuff I've seen has SSH tunneled the traffic from a local 
    syslog server.  Except those folks who just pass the packets in.
    Personally, I've never catered to that desire in operational environments 
    I've run except with a local server analyzing the traffic and mailing out 
    an alert.
    Paul D. Robertson      "My statements in this message are personal opinions
    probertsat_private      which may have no basis whatsoever in fact."
    probertsonat_private Director of Risk Assessment TruSecure Corporation
    LogAnalysis mailing list

    This archive was generated by hypermail 2b30 : Mon Jan 20 2003 - 15:31:43 PST