On 7 January 2013 15:18, Ralph Durkee <[email protected]> wrote:
> You haven't given much background on why you want a syslog server. But you
> may want to consider if something like OSSEC.net would be a better and more
> complete solution. It's multi platform host based IPS with centralized
> monitoring. Open source as well!

Unfortunately I can't give too much away as it is part of a commercial
project, at the moment they just want me to evaluate how easy it is to
set up and to gain an idea of how much data is generated each day.

I'll have a look at OSSEC as well but I think from what I've been told
that a simple syslog server with Snare to grab logs from Windows will
do what they want.

Robin

> -- Ralph Durkee
>
> Xavier Mertens <[email protected]> wrote:
>>
>> Hi Robin,
>>
>> Consider using Syslog over TCP (+ TLS if you can't trust the network - can
>> we? :-)
>> rsyslog has a nice feature to queue your events when the central rsyslog
>> is not available.
>>
>> Alternatively, you can use Splunk in distributed mode: collect locally and
>> send to a central Splunk server
>>
>> (http://blog.rootshell.be/2012/12/22/howto-distributed-splunk-architecture/)
>>
>> (Splunk may become expensive if >500MB of data processed per day)
>>
>> /x
>>
>> --
>> Can't sleep, hackers will eat me!
>> PGP Key:
>> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x42D006FD51AD7F2C
>>
>> On 07 Jan 2013, at 00:30, Robin Wood <[email protected]> wrote:
>>
>>> On 6 January 2013 21:54, Doug Burks <[email protected]> wrote:
>>>>
>>>> Hi Robin,
>>>>
>>>> One option would be to install Security Onion and enable ELSA. You'll
>>>> automatically get syslog-ng and a nice web interface to hunt through
>>>> your logs.
>>>
>>>
>>> I might do that as the server side, just need to figure out how to get
>>> various machines to send all their stuff to it.
>>>
>>> Robin
>>>
>>>> Thanks,
>>>> Doug
>>>>
>>>>
>>>> On Sunday, January 6, 2013, Robin Wood wrote:
>>>>
>>>>> Hi
>>>>> I'm going to be setting up a syslog server for the first time next
>>>>> week, can anyone recommend any good guides?
>>>>>
>>>>> I know there are quite a few out there but want a good, tested, one.
>>>>>
>>>>> Robin
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Doug Burks
>>>> http://securityonion.blogspot.com
>>>>
>>>>
>>>> ________________________________
>>>>
>>>> Pauldotcom mailing list
>>>> [email protected]
>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>> Main Web Site: http://pauldotcom.com