PaulDotCom mailing list archives
Re: Setting up a syslog server
From: Champ Clark III <cclark () quadrantsec com>
Date: Mon, 07 Jan 2013 11:14:24 -0500
It's not that hard to set up a syslog-ng/rsyslog server to simply collect logs. If you want to "detect" bad things via the log, check out the Sagan log analysis engine. If you're familiar with Snort, then you already know Sagan (basically). That project is at http://sagan.quadrantsec.com
> Unfortunately I can't give too much away as it is part of a commercial project, at the moment they just want me to evaluate how easy it is to set up and to gain an idea of how much data is generated each day. I'll have a look at OSSEC as well but I think from what I've been told that a simple syslog server with Snare to grab logs from Windows will do what they want.
>
> Robin
--
Champ Clark III (cclark () quadrantsec com)
Quadrant Information Security (http://quadrantsec.com)
Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
GPG Key ID: 0381878A