How does one then protect the syslog server from tampering?
The second part of the requirement (usually) is some sort of encryption or
hashing process that protects the collected logs on the syslog server from
even the admins.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Ron Johnson - Adhost
Sent: Tuesday, January 29, 2008 3:27 PM
To: Kurt Buff
Cc: [email protected]
Subject: RE: Centralizing Event Viewer Logs

Thanks for all the quick input folks. I will definitely look into each
solution.


-Ron

-----Original Message-----
From: Kurt Buff [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, January 29, 2008 12:24 PM
To: Ron Johnson - Adhost
Cc: [email protected]
Subject: Re: Centralizing Event Viewer Logs

There are several alternatives, but I've settled on the Kiwisoft
syslog server (the free version is fine, but the pay version is cheap
and does some very nice extra things) and the IntersectAlliance Snare
syslog client. The Snare client takes each event entry, formats it to
a single line, then sends it to the syslog server. Install it on each
of your machines for which you are monitoring event logs, and it works
nicely.

On Jan 29, 2008 11:51 AM, Ron  Johnson - Adhost <[EMAIL PROTECTED]> wrote:
> Hello List:
>
> I was looking into options that will allow us to centralize Event Viewer
> Logs in an Active Directory domain - can anyone recommend any software
> for this? It would be great if we could find a piece of software that
> does just this - not a full blown enterprise security solution that
> cost$ and does many other things that we wouldn't use it for
> necessarily.
>
> Thanks!
>
