Re: [logs] How are people bringing DMZ syslog msgs into the central server?

From: Paul D. Robertson (probertsat_private)
Date: Mon Jan 20 2003 - 15:15:42 PST

    On Mon, 20 Jan 2003, Jason Haar wrote:
    
    > What with the desire for real-time alerts, how are people bringing those
    > logs in?
    
    Most of the stuff I've seen has SSH tunneled the traffic from a local 
    syslog server.  Except those folks who just pass the packets in.
    
    Personally, I've never catered to that desire in operational environments 
    I've run except with a local server analyzing the traffic and mailing out 
    an alert.
    
    YMMV,
    
    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson      "My statements in this message are personal opinions
    probertsat_private      which may have no basis whatsoever in fact."
    probertsonat_private Director of Risk Assessment TruSecure Corporation
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    


