I'm looking for feedback on how centralized log solutions handle data integrity. If you would log directly to a central system, that log is the only source. So you would miss something to compare against.

- Would you rely on taking checksums of the logs and storing them on another system?
- How do you protect yourself from the fact that the central logging is compromised with a still growing logfile? Would you consider signing each log line? Signing within a text file is fairly easy, but what about content stored in a database?

My customer is currently looking at Splunk. It seems a great way to go through the logfiles, but I'm not sure that we can fulfill his data integrity requirements with it. But then again it does not stand in the way of another solution doing it properly.

Patrick
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
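Added example, not part of the original post and not a description of how Splunk or any other product works: one way to combine the two ideas raised above, a per-line tag and a checksum kept on another system, so that a log which is still growing can be checked. It uses a chained HMAC rather than a public-key signature, so whoever verifies also holds the key. The function names, the GENESIS start value, the key and the log lines are all constructed for illustration.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # assumed start value for the chain

def chain_tag(key, prev_tag, line):
    # Each tag covers the previous tag, binding a line to all lines before it.
    return hmac.new(key, prev_tag + line.encode("utf-8"), hashlib.sha256).digest()

def seal(key, lines):
    """Sender side: return [(line, hex_tag)] in emission order."""
    records, prev = [], GENESIS
    for line in lines:
        prev = chain_tag(key, prev, line)
        records.append((line, prev.hex()))
    return records

def checkpoint(records):
    """(record count, last tag): the small value to store on another system."""
    return (len(records), records[-1][1] if records else GENESIS.hex())

def verify(key, records, ckpt=None):
    """Return (ok, reason); ckpt is an earlier checkpoint fetched from elsewhere."""
    prev = GENESIS
    for i, (line, tag_hex) in enumerate(records, 1):
        prev = chain_tag(key, prev, line)
        if not hmac.compare_digest(prev.hex(), tag_hex):
            return (False, f"chain broken at record {i}")  # edit, insert or delete
        if ckpt and i == ckpt[0] and not hmac.compare_digest(tag_hex, ckpt[1]):
            return (False, "history before checkpoint was re-chained")
    if ckpt and len(records) < ckpt[0]:
        return (False, "log is shorter than the checkpoint")  # tail truncated
    return (True, "ok")  # the log may have grown past the checkpoint

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; a real key stays off the log server
    lines = ["sshd: accepted login for alice",   # constructed sample log lines
             "sudo: alice ran /bin/ls",
             "sshd: session closed for alice"]
    stored = seal(key, lines)
    ckpt = checkpoint(stored)                    # kept on a separate system
    stored += seal(key, lines + ["cron: job started"])[3:]  # log keeps growing
    print(verify(key, stored, ckpt))
    stored[1] = ("sudo: alice ran /bin/true", stored[1][1])  # edit on the server
    print(verify(key, stored, ckpt))
```

The same record layout works for rows in a database table (one column for the line, one for the tag), since verification only needs the records in emission order.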
This archive was generated by hypermail 2.1.3 : Mon Aug 21 2006 - 23:45:29 PDT