I was reading this thread about somebody in need of a "Syslog Appliance" and I started to think: what do they ACTUALLY need? I am surprised that they know they need an appliance but (IMHO) seem to be unsure what to do with it. I suspect from this:

> What I'm looking for is basically a simple appliance to receive syslogs over
> a network from various devices. Place the appliance on the network,
> configure the devices to log to the appliance, and retrieve the logs from
> the appliance with a web-gui, or automated ftp/https etc. Just a simple
> syslog-server, with plenty of disk.

the real need is to centralize all syslog-formatted log files in one place cheaply.

Why do it? Here are some common options: forensics after the incident (1), audit (2), ongoing monitoring (3), compliance with some regulation (4), system performance monitoring (5)?

I'd venture a guess that picking from 1-5 above might lead you away from a commercial "syslog appliance" to maybe building it in-house, using SIM software or abandoning the idea altogether?

Best,

--
Anton A. Chuvakin, Ph.D., GCIA, GCIH
http://www.info-secure.org
http://www.securitywarrior.com

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Sat Jul 17 2004 - 00:49:06 PDT