RE: [logs] Seeking suggestions for a syslog tutorial

From: Salim Douba (Salimat_private)
Date: Thu Jul 10 2003 - 07:27:30 PDT


    Hi Rainer,
    
    This is my first posting ever. I hope the following suggestions make sense:
    
    1. Discussion of syslog vulnerabilities
    2. How to secure syslog both confidentiality and integrity-wise
    3. Concept of central logging: why, and how
    4. Common technologies, including report generators
    5. Firewalls, Routers, Windows and LINUX/UNIX, etc... log integration
    6. How to assess the sanity (and security) of syslog implementation
    7. Timestamps, time synch, and other log details of significance.
    8. Configuration concepts and integration with alerting tools (email,
    pagers,...)
    
    
    This is what I could think of, in no particular order. I am sure that there
    is lots more to cover. I hope that you find the above helpful.
    
    Regards
    
    Salim Douba
    Senior Security Architect
    Cygnos IT Security
    http://www.cygnos.com
    Tel: (613) 276 1231
    
    
    -----Original Message-----
    From: Rainer Gerhards [mailto:rgerhardsat_private] 
    Sent: Wednesday, July 09, 2003 4:50 AM
    To: loganalysisat_private
    Subject: [logs] Seeking suggestions for a syslog tutorial
    
    
    Hi all,
    
    We are currently preparing to do a syslog tutorial for the beginner to
    intermediate sysadmin. I would appreciate any suggestions on what should go into
    such a tutorial. We intend to deliver both "papers" as well as streaming
    media. The tutorial will be free.
    
    Thanks,
    Rainer
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    
    



    This archive was generated by hypermail 2b30 : Thu Jul 10 2003 - 18:06:10 PDT