I agree, it's not really useful to have them on printed paper (but, of
course, you could scan and OCR it ;)). Sending them to syslog makes
sense for many organizations. There are several solutions to do so. See
www.eventreporter.com or
http://www.intersectalliance.com/projects/Snare/ for examples.
Rainer
-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of
Barrie Dempster
Sent: Monday, August 30, 2004 11:07 AM
To: Ali Campbell
Cc: Full Disclosure
Subject: Re: [Full-Disclosure] write events log to CD?
On Mon, 2004-08-30 at 04:15, Ali Campbell wrote:
Sending logs to a printer makes the most sense to me. Absolutely
unhijackable, and a good use for that old 9-pin dotmatrix and 2000
sheets of traction feed paper you have in the cupboard.
Unless at some point you actually want to examine your logs.
Even a moderately busy production server will produce so much
crap from
that printer that it would be a nightmare to examine, if you had any
sort of incident. Not to mention all that wasted paper.
I know that you can dump event logs to a file, I seem to
recall it being
scriptable too, although scripting the actual burning may be the issue
here.
However most good server versions of backup software will let you dump
your event logs to their backup medium, which could be a CD-R.
If an incident does occur, event logs aren't a terribly great
source of
information, you'd be much better off paying attention to your IDS/IPS
system.
--
Barrie Dempster (zeedo) - Fortiter et Strenue
http://www.bsrf.org.uk
[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
