John H. Sawyer wrote:
>If you could afford two systems, have your one system accepting the logs
>and another system that has no IP sniffing the wire for the logs as they
>go by. Now you have two sources and can compare them later.

By the way, if anyone wants it:
http://www.ranum.com/security/computer_security/index.html
"plog" -- a promiscuous mode syslog collector. It pulls up UDP
syslog packets, rips the syslog data right out of them and injects
them up /dev/log. On good hardware it may be more reliable than syslogd
because it bypasses UDP input queues.

mjr.
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
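The packet-handling step described in the message above, as an added example (not part of the original post and not plog's own code): given one raw Ethernet frame as a sniffer on an address-less interface would see it, pull out the UDP syslog payload and its priority. The function names, the sample frame and its addresses are constructed for illustration; the capture loop and the write to /dev/log are left out.

```python
import re
import socket
import struct

SYSLOG_PORT = 514  # standard UDP syslog port

def extract_syslog(frame):
    """Return (src_ip, facility, severity, text) for a UDP syslog frame, else None."""
    if len(frame) < 14 + 20 + 8:                        # Ethernet + min IPv4 + UDP
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:  # EtherType: IPv4 only
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                            # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8:
        return None
    frag = struct.unpack("!H", ip[6:8])[0]
    if ip[9] != 17 or frag & 0x3FFF:                    # not UDP, or a fragment (MF/offset)
        return None
    _sport, dport, ulen = struct.unpack("!HHH", ip[ihl:ihl + 6])
    if dport != SYSLOG_PORT or ulen < 8:
        return None
    payload = ip[ihl + 8:ihl + ulen]                    # UDP length bounds the message
    text = payload.decode("utf-8", "replace").rstrip("\x00\n")
    facility = severity = None
    m = re.match(r"<([0-9]{1,3})>", text)               # leading <PRI> field
    if m and int(m.group(1)) <= 191:
        pri = int(m.group(1))
        facility, severity, text = pri >> 3, pri & 7, text[m.end():]
    return socket.inet_ntoa(ip[12:16]), facility, severity, text

def build_frame(src_ip, msg):
    """Constructed test input: Ethernet II + IPv4 + UDP, checksums left at zero."""
    udp = struct.pack("!HHHH", 40000, SYSLOG_PORT, 8 + len(msg), 0) + msg
    iphdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0x4000, 64, 17, 0,
                        socket.inet_aton(src_ip), socket.inet_aton("192.0.2.10"))
    return b"\x00" * 12 + b"\x08\x00" + iphdr + udp

# Constructed sample: <38> is facility 4 (auth), severity 6 (info).
SAMPLE = build_frame("192.0.2.55",
                     b"<38>sshd[811]: Failed password for root from 198.51.100.7")

if __name__ == "__main__":
    print(extract_syslog(SAMPLE))
```

Records extracted this way can be keyed on source address and message text and compared with what the receiving syslogd wrote, which is the two-source comparison suggested in the quoted text.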
This archive was generated by hypermail 2.1.3 : Wed Aug 23 2006 - 12:39:31 PDT