[Note: Early-bird price ends in 3 days! Don't lose the discount!]
The PICC committee is excited to announce our closing keynote speaker:
Rebecca Mercuri on The Black Swan and Information Security
Dr. Mercuri is the lead forensic expert at Notable Software, Inc.
Her caseload has included matters

I have a test environment consisting of Win 2008 R2 Server and Windows
XP w/SP3, both running the latest Snare Agent for Windows, along with
RHEL 5.6 and RHEL 6.2 servers, all within a VM environment.
I am testing Linux as a central logging option. Snare Agent (free
version) uses UDP, so it is

On Mar 28, 2012, at 5:44 PM, Scott Ehrlich wrote:
Traffic is coming in, but I'd love to know where, if anywhere, it is
being written.

If it doesn't show up in /var/log/messages or /var/log/syslog then it isn't
being written anywhere. The traffic is being dropped. Perhaps your syslog

Richard Pieri wrote:
Perhaps your syslog daemon isn't configured for remote access?

That'd be my guess. Debian-universe distributions have remote reception
turned off by default. Other distributions probably do likewise.
netstat should be able to confirm if it is listening on the syslog port.