There are a lot of great tools for gathering logs. One thing I'd like feedback from the list on is sniffing syslog. There have been one or more tools over the years that allowed you to pull UDP port 514 packets off the wire and treat them as your own. We have this feature in our agent that also sniffs TCP session start/stop/bandwidth info. It is really useful. We have some university customers that pull syslog from all over their network without the admins knowing, more or less.

Ron Gula
Tenable Network Security
