How does one then protect the syslog server from tampering?
The second part of the requirement (usually) is some sort of encryption or
hashing process that
protects the collected logs on the syslog server from even the admins.
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Ron Johnson - Adhost
Sent: Tuesday, January 29, 2008 3:27 PM
To: Kurt Buff
Cc: focus-ms@securityfocus.com
Subject: RE: Centralizing Event Viewer Logs
Thanks for all the quick input folks. I will definitely look into each
solution.
-Ron
-----Original Message-----
From: Kurt Buff [mailto:kurt.buff@gmail.com]
Sent: Tuesday, January 29, 2008 12:24 PM
To: Ron Johnson - Adhost
Cc: focus-ms@securityfocus.com
Subject: Re: Centralizing Event Viewer Logs
There are several alternatives, but I've settled on the Kiwisoft
syslog server (the free version is fine, but the pay version is cheap
and does some very nice extra things) and the IntersectAlliance Snare
syslog client. The Snare client takes each event entry, formats it to
a single line, then sends it to the syslog server. Install it on each
of your machines for which you are monitoring event logs, and it works
nicely.
On Jan 29, 2008 11:51 AM, Ron Johnson - Adhost <ron@adhost.com> wrote:
Hello List:
I was looking into options that will allow us to centralize Event
Viewer
Logs in an Active Directory domain - can anyone recommend any software
for this? It would be great if we could find a piece of software that
does just this - not a full blown enterprise security solution that
cost$ and does many other things that we wouldn't use it for
necessarily.
Thanks!
__________ NOD32 2232 (20070430) Information __________
This message was checked by NOD32 antivirus system.
http://www.eset.com
