If the objective of this syslog server is to provide evidence for the courts, I would be interested in hearing how you will allow this to be admissible.
Any syslog server running on a Microsoft operating system will have the same potential problem, one of "Chain of Custody" and unmodified log files. As some of you already know, Microsoft has changed its license agreements. If you have added the current Microsoft Service packs or Microsoft Media Player, you give Microsoft the rights to scan your hard drive, remotely and apply service packs at will. In many cases, this takes Microsoft out of the running as a syslog server in environments where compliance with GLB or HIPAA is required. At least, this will provide a great deal of doubt to the integrity of the log files.

In short, you may want to go the cheaper route and install a LINUX system with syslog.

Joe Klein, CISSP IAM

-----Original Message-----
From: Omar Khawaja [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 16, 2002 11:43 AM
To: 'Shaun Sturby'; [EMAIL PROTECTED]
Cc: 'netsec novice'
Subject: RE: Syslog tools

Kiwi is also a great (and most importantly, FREE) syslog daemon: http://www.kiwisyslog.com/

-----Original Message-----
From: Shaun Sturby [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 06, 2002 5:54 PM
To: [EMAIL PROTECTED]
Cc: 'netsec novice'
Subject: RE: Syslog tools

Hello N,

Take a look at Logalot from Somix (www.somix.com). It runs on Windows, is based on Apache and MySQL, has unlimited number of devices and can watch the Windows logs as well. It is even smart enough to be able to alert you via pager, beeper, email and your own program if something logged violates a policy you have set.

Shaun

-----Original Message-----
From: netsec novice [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 05, 2002 5:48 PM
To: [EMAIL PROTECTED]
Subject: Syslog tools

Can anyone recommend products free/paid that would provide centralized logging from multiple sources? The sources would be IIS logs, Cisco router logs, Checkpoint firewall logs etc.

Thanks for any suggestions...
N
