Re: [logs] "Temperproof" logfiles?

From: Kieran (kieranat_private)
Date: Thu Apr 03 2003 - 21:46:50 PST

    On Wed, 26 Mar 2003, Michael Boman wrote:
    
    > Hi all,
    >
    > I am looking for a syslog (the old, udp one) software that makes sure that
    > the integrity of the logs has not been modified since they were received. I
    > have looked at mSyslog, but the problem with that one is that I find it
    > unstable and it totally locks up if one of the output modules doesn't
    > work (we want the logs in a database for ease of searching as well as
    > normal file for long-time storage). Syslog-ng seems to do what we want
    > for the database part, but how about making sure that the logfiles were
    > not subsequently changed after they were received?
    >
    > Does anyone know any software that does this?
    >
    What sort of attacks on the logging data are you defending against?
    
    MALLET-type evil-doers?
    General screw-ups?
    Or chain-of-evidence validation?
    
    Just curious...
    
    Regards
    
    Kieran
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    



    This archive was generated by hypermail 2b30 : Thu Apr 03 2003 - 22:28:21 PST