RE: [logs] Logging in the DMZ

From: Rainer Gerhards (rgerhards@private)
Date: Mon Feb 09 2004 - 07:13:13 PST


    Bob,
    
    from the security point of view I do not really like the idea of having
    the devices writing directly to the database. Maybe a slow start to
    optimization would be helpful. How about considering just to have the
    (still non-dmz, thus secured) syslogd write directly to the database. I
    think many current syslogd's will allow you to do this.
    
    Rainer 
    
    > -----Original Message-----
    > From: bmcdowell@private 
    > [mailto:bmcdowell@private] 
    > Sent: Friday, February 06, 2004 8:26 PM
    > To: loganalysis@private
    > Subject: [logs] Logging in the DMZ
    > 
    > 
    > Hello list.  I'd first like to say that I thought I was alone 
    > out there in the world of Logging, or at least ahead of where 
    > a reasonable person would go with it.  I'm glad to see there 
    > is a such a great resource such as this.  Now, on to my issue:
    > 
    > How should I handle logging for the devices in my DMZ?
    > 
    > Big question right?  Well, I'm presently using syslog 
    > forwarding and database analysis which works pretty well, but 
    > I'm really tired of sinking so much time and effort into it.  
    > The devices and services I'm collecting data off of can all 
    > write directly to a database, in one form or another, and the 
    > feeling that I didn't approach this correctly grows stronger 
    > every day.  For example, after seeing the library item about 
    > 'artificial ignorance' it occurs to me that I'm doing 
    > something similar with my db scripts, except I'm suffering a 
    > performance hit each time I do a query.  It would seem better 
    > to just put the data into the fields it belongs in natively, 
    > rather than by a scripting process after the fact.
    > 
    > Here's what I've got today:
    > 
    > Internet <-Firewalls-> DMZ <-Firewall with syslog 
    > forwarding-> Syslog Server, writing text logs, database 
    > scripts doing parsing
    > 
    > I see basically two possible improvement approaches here:
    > 
    > 1)  Use database logging, where possible, and forward that to 
    > an internal server.
    > 2)  Put a db and syslog server in the DMZ and do my best to secure it.
    > 
    > Has anyone on the list dealt with this same issue?  I'd 
    > really appreciate a dialogue here, meanwhile I'm going to 
    > continue checking out this cool new site.
    > 
    > 
    > Thanks,
    > 
    > Bob
    > 
    > 
    > _______________________________________________
    > LogAnalysis mailing list
    > LogAnalysis@private
    > http://lists.shmoo.com/mailman/listinfo/loganalysis
    > 
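Rainer's suggestion, the inside (non-DMZ) collector putting each field into the database natively on receipt instead of a script parsing text logs after the fact, as an added example that is not code from either poster: a minimal Python receiver that splits RFC 3164-style lines into columns on insert and keeps the raw line for anything that does not parse. The table layout, the SQLite store and the sample lines are assumptions constructed for the example.

```python
import re
import sqlite3

# RFC 3164-style line: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$")

def parse_syslog(line):
    """Split one syslog line into row fields; None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if not m or int(m.group("pri")) > 191:   # highest valid PRI is 23*8+7
        return None
    pri = int(m.group("pri"))
    return {"facility": pri >> 3, "severity": pri & 7,   # PRI = fac*8 + sev
            "timestamp": m.group("ts"), "host": m.group("host"),
            "tag": m.group("tag"),
            "pid": int(m.group("pid")) if m.group("pid") else None,
            "msg": m.group("msg")}

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS syslog (id INTEGER PRIMARY KEY, "
               "facility INTEGER, severity INTEGER, timestamp TEXT, host TEXT, "
               "tag TEXT, pid INTEGER, msg TEXT, raw TEXT)")
    return db

def store(db, line):
    """Insert parsed fields when possible and the raw line always, so an
    unparseable (or deliberately malformed) line is kept, not dropped.
    Parameterised query: log text is attacker-influenced input."""
    f = parse_syslog(line) or {}
    db.execute("INSERT INTO syslog (facility, severity, timestamp, host, tag, "
               "pid, msg, raw) VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
               (f.get("facility"), f.get("severity"), f.get("timestamp"),
                f.get("host"), f.get("tag"), f.get("pid"), f.get("msg"), line))
    return f

def count_severity_at_most(db, sev):
    """A query that needs no after-the-fact parsing: severity is a column."""
    return db.execute("SELECT COUNT(*) FROM syslog WHERE severity <= ?",
                      (sev,)).fetchone()[0]

SAMPLE = [  # constructed lines, as a DMZ firewall and host might forward them
    "<34>Feb  9 07:13:13 dmz-fw1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=203.0.113.5",
    "<86>Feb  9 07:13:14 dmz-web sshd[4711]: Failed password for invalid user admin",
    "garbage that is not syslog at all",
]
```

Feed the collector from a UDP/TCP syslog listener on the inside host; lines that fail to parse still land in the table with only the raw column filled, so nothing from the DMZ is silently discarded.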



    This archive was generated by hypermail 2b30 : Mon Feb 09 2004 - 09:41:23 PST