Christopher,

You might want to take a look at the following tool. It passively captures the logs and commits them to disk with additional data (time/date seen on the wire, source/dest MAC, source/dest IP, hashing, etc.). It also supports relaying with or without forged source addresses. I built it to monitor syslog in the DMZ when I did not control the syslog servers or the clients.

http://sourceforge.net/projects/psmd

NOTE: It is beta so your feedback is appreciated.

Thanks,
Ron

Christopher L. Petersen wrote:
> I've always thought ensuring the integrity of the log begins at
> collection and ends at archival. In defining integrity I would say it
> means no log entries are altered and the complete log is collected and
> centralized. As for best practices, I would recommend the following:
> <snip>

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
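As an added illustration of the collection-side integrity idea discussed in this thread (this is example code, not psmd's own implementation), the following stores each passively seen syslog datagram together with its wire metadata and links the records in a SHA-256 hash chain, so that an altered or removed entry is detectable later. The datagrams, MAC/IP addresses and timestamps are constructed sample values, and the record layout and chaining scheme are this example's own choices.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain value preceding the first record (example convention)

def parse_syslog(raw: bytes) -> dict:
    """Split a BSD-syslog (RFC 3164) datagram into facility, severity and message text."""
    text = raw.decode("utf-8", errors="replace")
    if text.startswith("<") and ">" in text[1:5] and text[1:text.index(">")].isdigit():
        pri = int(text[1:text.index(">")])
        return {"facility": pri >> 3, "severity": pri & 7, "message": text[text.index(">") + 1:]}
    return {"facility": None, "severity": None, "message": text}

def chain_hash(prev: str, fields: dict) -> str:
    """SHA-256 over the previous chain value and the canonical JSON of this record's fields."""
    return hashlib.sha256((prev + json.dumps(fields, sort_keys=True)).encode()).hexdigest()

def capture_record(raw: bytes, wire_meta: dict, prev: str) -> dict:
    """One on-disk record: wire metadata, parsed message, hash of the raw payload, chain link."""
    fields = {**wire_meta, **parse_syslog(raw),
              "payload_sha256": hashlib.sha256(raw).hexdigest(), "prev": prev}
    return {**fields, "chain": chain_hash(prev, fields)}

def verify_chain(records: list) -> int:
    """Return -1 if every record links to its predecessor and its chain value recomputes,
    otherwise the index of the first record where the chain breaks (tampered or gap)."""
    prev = GENESIS
    for i, rec in enumerate(records):
        fields = {k: v for k, v in rec.items() if k != "chain"}
        if rec.get("prev") != prev or chain_hash(prev, fields) != rec.get("chain"):
            return i
        prev = rec["chain"]
    return -1

# Constructed sample: three datagrams as a passive capture would see them, plus constructed wire metadata.
SAMPLE = [
    (b"<34>Sep 19 10:44:01 fw1 sshd[912]: Failed password for root from 10.0.0.7 port 51022 ssh2",
     {"seen": "2006-09-19T17:44:01Z", "src_mac": "00:11:22:33:44:01", "dst_mac": "00:11:22:33:44:ff",
      "src_ip": "10.0.0.2", "dst_ip": "10.0.0.254"}),
    (b"<38>Sep 19 10:44:03 fw1 sshd[912]: Accepted publickey for ops from 10.0.0.9 port 40122 ssh2",
     {"seen": "2006-09-19T17:44:03Z", "src_mac": "00:11:22:33:44:01", "dst_mac": "00:11:22:33:44:ff",
      "src_ip": "10.0.0.2", "dst_ip": "10.0.0.254"}),
    (b"<13>Sep 19 10:44:09 web2 cron[77]: (root) CMD (/usr/local/bin/rotate-logs)",
     {"seen": "2006-09-19T17:44:09Z", "src_mac": "00:11:22:33:44:02", "dst_mac": "00:11:22:33:44:ff",
      "src_ip": "10.0.0.3", "dst_ip": "10.0.0.254"}),
]

def build_log(samples=SAMPLE) -> list:
    """Commit the sample datagrams in arrival order, each chained to the previous record."""
    records, prev = [], GENESIS
    for raw, meta in samples:
        records.append(capture_record(raw, meta, prev))
        prev = records[-1]["chain"]
    return records
```

Because each link covers the previous chain value, editing one message field or dropping one record changes or orphans every later link, which is what `verify_chain` reports by index.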
This archive was generated by hypermail 2.1.3 : Tue Sep 19 2006 - 10:45:05 PDT