On Wed, 26 Mar 2003, Michael Boman wrote: > Hi all, > > I am looking for a syslog (the old, udp one) software that makes sure that > the integrity of the logs has not been modified since they was recived. I > have looked at mSyslog, but the problem with that one is that I find it > unstable and it totally locks up if one of the output modules doesn't > work (we want the logs in a database for ease of searching as well as > normal file for long-time storage). Syslog-ng seems to do what we want > for the database part, but how about making sure that the logfiles was > not subsequently changed after they were recived? > > Does anyone know any software that does this? > What sort of attacks on the logging data are you defending against? MALLET-type evil-doers? General screw-ups? Or chain-of-evidence validation? Just curious... Regards Kieran _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Apr 03 2003 - 22:28:21 PST