You haven't given much background on why you want a syslog server. But you may want to consider if something like OSSEC.net would be a better and more complete solution. It's multi-platform host-based IPS with centralized monitoring. Open source as well!

-- Ralph Durkee

Xavier Mertens <[email protected]> wrote:
>Hi Robin,
>
>Consider using Syslog over TCP (+ TLS if you can't trust the network - can we? :-)
>rsyslog has a nice feature to queue your events when the central rsyslog is not available.
>
>Alternatively, you can use Splunk in distributed mode: collect locally and send to a central Splunk server
>(http://blog.rootshell.be/2012/12/22/howto-distributed-splunk-architecture/)
>
>(Splunk may become expensive if >500MB of data processed per day)
>
>/x
>
>--
>Can't sleep, hackers will eat me!
>PGP Key:
>http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x42D006FD51AD7F2C
>
>On 07 Jan 2013, at 00:30, Robin Wood <[email protected]> wrote:
>
>> On 6 January 2013 21:54, Doug Burks <[email protected]> wrote:
>>> Hi Robin,
>>>
>>> One option would be to install Security Onion and enable ELSA. You'll
>>> automatically get syslog-ng and a nice web interface to hunt through your
>>> logs.
>>
>> I might do that as the server side, just need to figure out how to get
>> various machines to send all their stuff to it.
>>
>> Robin
>>
>>> Thanks,
>>> Doug
>>>
>>>
>>> On Sunday, January 6, 2013, Robin Wood wrote:
>>>>
>>>> Hi
>>>> I'm going to be setting up a syslog server for the first time next week,
>>>> can anyone recommend any good guides?
>>>>
>>>> I know there are quite a few out there but want a good, tested, one.
>>>>
>>>> Robin
>>>
>>>
>>>
>>> --
>>> Doug Burks
>>> http://securityonion.blogspot.com
>>>
>>>
>>> _______________________________________________
>>> Pauldotcom mailing list
>>> [email protected]
>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> Main Web Site: http://pauldotcom.com
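
The client-side setup suggested in the quoted reply (syslog over TCP with TLS, plus rsyslog's queue for when the central server is unavailable), as an added configuration example that is not part of the original thread. It assumes an rsyslog version that supports the `action()` syntax with the GnuTLS netstream driver installed; the hostname `logs.example.internal`, port 6514 and the file paths are placeholders.

```conf
# /etc/rsyslog.d/60-forward-central.conf  (file name is a placeholder)

global(
    # Use the GnuTLS netstream driver for outbound TCP connections.
    defaultNetstreamDriver="gtls"
    # CA that signed the central server's certificate (placeholder path).
    defaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    # Directory where disk-assisted queue files are spooled.
    workDirectory="/var/spool/rsyslog"
)

# Forward everything to the central collector over TCP + TLS.
action(
    type="omfwd"
    target="logs.example.internal"      # placeholder hostname
    port="6514"
    protocol="tcp"

    # TLS is mandatory (mode 1), and the server certificate must be
    # signed by the CA above and carry the expected name, so a host
    # that merely answers on the port cannot receive the logs.
    StreamDriver="gtls"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="logs.example.internal"

    # Disk-assisted in-memory queue: events are buffered while the
    # collector is down and spilled to disk under workDirectory.
    queue.type="LinkedList"
    queue.filename="fwd_central"
    queue.maxDiskSpace="1g"
    queue.saveOnShutdown="on"

    # Retry forever instead of discarding after a failed delivery.
    action.resumeRetryCount="-1"
)
```

Running `rsyslogd -N1` validates the configuration before restarting the service. Once the collector is unreachable, spool files named after `queue.filename` appear in the work directory and drain when the connection returns.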
