[logs] Logging in the DMZ

From: bmcdowell@private
Date: Fri Feb 06 2004 - 11:25:43 PST


    Hello list.  I'd first like to say that I thought I was alone out there in the world of Logging, or at least ahead of where a reasonable person would go with it.  I'm glad to see there is such a great resource as this.  Now, on to my issue:
    
    How should I handle logging for the devices in my DMZ?
    
    Big question, right?  Well, I'm presently using syslog forwarding and database analysis, which works pretty well, but I'm really tired of sinking so much time and effort into it.  The devices and services I'm collecting data off of can all write directly to a database, in one form or another, and the feeling that I didn't approach this correctly grows stronger every day.  For example, after seeing the library item about 'artificial ignorance' it occurs to me that I'm doing something similar with my db scripts, except I'm suffering a performance hit each time I do a query.  It would seem better to just put the data into the fields it belongs in natively, rather than by a scripting process after the fact.
    
    Here's what I've got today:
    
    Internet <-Firewalls-> DMZ <-Firewall with syslog forwarding-> Syslog Server, writing text logs, database scripts doing parsing
    
    I see basically two possible improvement approaches here:
    
    1)  Use database logging, where possible, and forward that to an internal server.
    2)  Put a db and syslog server in the DMZ and do my best to secure it.
    
    Has anyone on the list dealt with this same issue?  I'd really appreciate a dialogue here, meanwhile I'm going to continue checking out this cool new site.
    
    
    Thanks,
    
    Bob
    
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysis@private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
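The setup Bob describes (forwarded syslog text, parsed into database fields by scripts, with an 'artificial ignorance' pattern list applied at query time) can be turned around so the parsing and the ignore decision happen once, at ingest. The following is an added example, not code from the post or the list; the syslog lines, hostnames and ignore patterns are constructed, and an in-memory sqlite3 table stands in for whatever database the syslog server actually writes to.

```python
import re
import sqlite3

# Constructed sample lines in BSD syslog (RFC 3164) format; hostnames and IPs are placeholders.
SAMPLE_LINES = [
    "<38>Feb  6 11:25:43 dmz-web sshd[1234]: Accepted publickey for deploy from 10.0.0.5 port 51234 ssh2",
    "<38>Feb  6 11:25:44 dmz-web sshd[1235]: Failed password for root from 203.0.113.7 port 40022 ssh2",
    "<30>Feb  6 11:25:45 dmz-mail postfix/smtpd[2001]: connect from mail.example.net[192.0.2.10]",
    "<30>Feb  6 11:25:46 dmz-mail postfix/smtpd[2001]: disconnect from mail.example.net[192.0.2.10]",
    "<13>Feb  6 11:25:47 dmz-web kernel: eth0: link is up",
]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

# "Artificial ignorance" list: messages already known to be routine. Matched once at ingest.
IGNORE_PATTERNS = [
    re.compile(r"^Accepted publickey for \w+ from "),
    re.compile(r"^(connect|disconnect) from "),
]

def parse_line(line):
    """Split one syslog line into native fields; None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    pri = int(d["pri"])
    d["facility"], d["severity"] = pri // 8, pri % 8   # PRI = facility*8 + severity
    d["pid"] = int(d["pid"]) if d["pid"] else None
    d["ignored"] = any(p.search(d["msg"]) for p in IGNORE_PATTERNS)
    return d

def ingest(lines, conn):
    """Store parsed lines in typed columns plus the precomputed ignore flag."""
    conn.execute("CREATE TABLE IF NOT EXISTS syslog (ts TEXT, host TEXT, facility INT, "
                 "severity INT, prog TEXT, pid INT, msg TEXT, ignored INT)")
    rows = [(r["ts"], r["host"], r["facility"], r["severity"], r["prog"], r["pid"],
             r["msg"], int(r["ignored"])) for r in map(parse_line, lines) if r]
    conn.executemany("INSERT INTO syslog VALUES (?,?,?,?,?,?,?,?)", rows)
    return len(rows)

def novel_messages(lines):
    """Ingest into an in-memory DB and return only what a reviewer still needs to read."""
    conn = sqlite3.connect(":memory:")
    ingest(lines, conn)
    return [row[0] for row in conn.execute(
        "SELECT host || ' ' || prog || ': ' || msg FROM syslog WHERE ignored = 0 ORDER BY rowid")]
```

Because `ignored` is a stored column, the daily review query is a plain indexable filter rather than a re-scan of every message against the pattern list; lines that fail to parse are dropped by `ingest`, which in practice should instead be counted or quarantined so a new log format does not silently disappear.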
    



    This archive was generated by hypermail 2b30 : Fri Feb 06 2004 - 16:54:10 PST