> > Defense in Depth (that term gets nauseating after you hear it too much).
> ACLs, firewall, iptables, IPSec, run only the services you need on that
> logging host so you limit its attack surface as much as possible, out of
> bounds management for the logging server, etc.
>
> And, use a similar idea as the sniffer one above to have a backup copy
> of the logs.
>
>

Well John, you hit me with this. Of course, defense in depth is what we should be discussing instead of the "Holy Grail". That in effect puts the discussion back in good balance. Meaning it's not only the central system that will be responsible for everything, but each layer adds to it.

> As for the database issue, I don't know. Can you create a stored
> procedure that will checksum a particular field or row?
>

Anyone have any ideas for this one? Or is the practice dumping to file and doing checksums? I notice that several products feature the direct database (ODBC, JDBC) read method. But how would it track deltas?

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Wed Aug 23 2006 - 12:42:31 PDT