On Fri, Apr 04, 2003 at 06:46:50AM +0100, Kieran wrote:
> On Wed, 26 Mar 2003, Michael Boman wrote:
>
> > Hi all,
> >
> > I am looking for a syslog (the old, UDP one) software that makes sure that
> > the integrity of the logs has not been modified since they were received. I
> > have looked at mSyslog, but the problem with that one is that I find it
> > unstable and it totally locks up if one of the output modules doesn't
> > work (we want the logs in a database for ease of searching as well as a
> > normal file for long-term storage). Syslog-ng seems to do what we want
> > for the database part, but how about making sure that the logfiles were
> > not subsequently changed after they were received?
> >
> > Does anyone know any software that does this?
>
> What sort of attacks on the logging data are you defending against?
>
> MALLET-type evil-doers?
> General screw-ups?
> Or chain-of-evidence validation?
>
> Just curious...
>
> Regards
>
> Kieran

Chain-of-evidence is most important, I would say. We can always restore data
from backup in case of a screw-up, but we need to be able to convince ourselves
and any customer or authority that the logs are as we received them, hence I
like syslog-ng, as from what I understand it keeps track of the relay servers
as well.

Thinking of the physical security of the data centre, I am not too worried
about MALLET-type evil-doers, unless they come in with automatic rifles (and
living in Singapore, it's an offence punished with death just to carry some
kind of firearm without a licence (i.e. cops and military OK, the rest get the
rope)).

Best regards
Michael Boman

--
Michael Boman
Security Architect, SecureCiRT Pte Ltd
http://www.securecirt.com
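One way to give a stored logfile the after-receipt integrity Michael is asking for, as an added example that is not part of this thread or of mSyslog or syslog-ng: each received line is sealed with an HMAC chained to the previous tag, and the key is evolved after every entry so a later compromise of the collector cannot re-seal earlier lines. The sample lines, the seed, the key and all function names are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample lines, shaped like what a UDP syslog collector writes out.
SAMPLE_LINES = [
    "<34>Apr  4 06:46:50 relay1 sshd[1234]: Accepted publickey for ops from 10.0.0.5",
    "<13>Apr  4 06:47:02 relay1 su: session opened for user root",
    "<38>Apr  4 06:47:30 relay2 sshd[1300]: Failed password for invalid user admin",
]
SEED = b"genesis"  # fixed, non-secret starting point of the chain


def _next_key(key: bytes) -> bytes:
    """Evolve the key one step. The collector keeps only the current key, so
    compromising it later does not yield the keys that sealed earlier entries."""
    return hashlib.sha256(b"evolve" + key).digest()


def seal_lines(lines, key0: bytes):
    """Seal each received line as (line, tag), tag = HMAC(key_i, prev_tag || line).
    Every tag commits to the whole history before it, so editing, dropping or
    reordering any earlier line breaks every later tag."""
    key, prev = key0, hashlib.sha256(SEED).hexdigest()
    sealed = []
    for line in lines:
        tag = hmac.new(key, f"{prev}\n{line}".encode(), hashlib.sha256).hexdigest()
        sealed.append((line, tag))
        prev, key = tag, _next_key(key)
    return sealed


def verify_chain(sealed, key0: bytes):
    """Recompute the chain from the auditor's copy of key0.
    Returns the index of the first entry that fails, or None if the file is intact."""
    key, prev = key0, hashlib.sha256(SEED).hexdigest()
    for i, (line, tag) in enumerate(sealed):
        expect = hmac.new(key, f"{prev}\n{line}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expect, tag):
            return i
        prev, key = tag, _next_key(key)
    return None


if __name__ == "__main__":
    k0 = b"initial-key-held-by-auditor"  # constructed; use a random key kept off the collector
    chain = seal_lines(SAMPLE_LINES, k0)
    print("intact:", verify_chain(chain, k0))             # None
    tampered = list(chain)
    tampered[1] = (tampered[1][0].replace("root", "nobody"), tampered[1][1])
    print("edited line 1:", verify_chain(tampered, k0))  # 1
```

The chain alone cannot detect truncation of the newest entries, so the latest tag should be checkpointed periodically to a separate host or written to the database output as well; the initial key must be held only by whoever verifies, since it allows re-sealing everything.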
This archive was generated by hypermail 2b30 : Fri Apr 04 2003 - 11:29:50 PST