Re: [logs] "Temperproof" logfiles?

From: Blaise St-Laurent (bstlaurentat_private)
Date: Fri Mar 28 2003 - 07:29:03 PST

    On Tuesday, March 25, 2003, at 10:52  PM, Michael Boman wrote:
    
    > Hi all,
    >
    > I am looking for a syslog (the old, udp one) software that makes sure that
    > the integrity of the logs has not been modified since they were received. I
    > have looked at mSyslog, but the problem with that one is that I find it
    > unstable and it totally locks up if one of the output modules doesn't
    > work (we want the logs in a database for ease of searching as well as
    > normal file for long-time storage). Syslog-ng seems to do what we want
    > for the database part, but how about making sure that the logfiles were
    > not subsequently changed after they were received?
    >
    
    I think you might want to look into msyslog (http://msyslog.sf.net). It 
    allows for signing of logs as they come in, using a key on the local 
    machine.
    
    I'm in the process of figuring out how to configure syslog-ng to pass 
    the syslog entries through openssl to sign the lines before they are 
    written to disk. Watch the mailing list for more information.
    
    
    
    > Does anyone know any software that does this?
    >
    > Best regards
    >  Michael Boman
    >
    > -- 
    > Michael Boman
    > Security Architect, SecureCiRT Pte Ltd
    > http://www.securecirt.com
    Blaise St-Laurent
    Senior Security Architect
    613-266-4258
    
    ____________________________________________________________________
    Okiok Data  http://www.okiok.com   (450) 681-1681
    Enterprise and e-business security solutions
    
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
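
The idea discussed in this thread (tagging each log line with a locally held key as it arrives, so later edits show up) sketched as an added example; it is not code from either poster, msyslog or syslog-ng. It swaps in an HMAC-SHA256 hash chain in place of openssl signatures, and the function names, record format, key and sample lines are all assumptions of this example.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # chain start value (assumption of this example)

# Constructed sample syslog lines, not taken from any real host.
SAMPLE = [
    "Mar 28 07:29:03 gw sshd[412]: Accepted password for alice from 192.0.2.10",
    "Mar 28 07:29:41 gw su: alice to root on /dev/ttyp1",
    "Mar 28 07:30:02 gw sshd[412]: session closed for alice",
]

def seal(lines, key):
    """Return 'line<TAB>hexmac' records; each MAC covers previous MAC + line."""
    prev, out = GENESIS, []
    for line in lines:
        mac = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        out.append(f"{line}\t{mac.hex()}")
        prev = mac
    return out

def verify(records, key, anchor=None):
    """Return the index of the first bad record, or None if the chain is intact.

    anchor is the hex MAC of the last sealed record, kept somewhere other than
    the log file. Without it, lines cut from the end cannot be noticed; with
    it, a truncated file returns len(records).
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        line, sep, tag = rec.rpartition("\t")
        try:
            claimed = bytes.fromhex(tag)
        except ValueError:
            return i  # tag missing or not hex
        expected = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        if not sep or not hmac.compare_digest(claimed, expected):
            return i  # edited line, or a line removed/reordered before it
        prev = expected
    if anchor is not None and prev.hex() != anchor:
        return len(records)
    return None
```

Because the key sits on the log host, anyone who can read it can re-seal an edited file; the chain only helps against someone who can change the log but cannot read the key.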
    



    This archive was generated by hypermail 2b30 : Fri Mar 28 2003 - 13:40:18 PST