Summary: Logged
Event and Log Management
Naked Security has a good post about Samoa’s move across the
international date line. Using a single time base can be very
valuable in recreating the history of an event or incident.
Even if the clocks of all systems are synched using NTP, stitching
together logs from systems in different time zones can be tedious,
[...]
Date Published: Dec 29, 2011 - 9:45 pm
In this post, I will cover a basic set of best practices for
managing logs. Depending on your specific objectives, regulatory
requirements, and business constraints, there are likely to be a
number of additional best practices. Forward syslog messages from
clients to a secure syslog server. Enable NTP clock synchronization
on all clients and on [...]
Date Published: Oct 04, 2010 - 7:16 pm
I had previously written a little snippet on how to pull logs in
from a file; however, there is substantially more to consider
when configuring syslog-ng to read from a file, so I have dedicated
this post to reading logs from a text file. The basic structure for
reading logs from a text [...]
Date Published: Jul 25, 2010 - 9:28 am
Retaining the original hostname of the origin of syslog messages
through a Syslog-NG relay
In some environments, syslog messages are
concentrated and relayed through an intermediate syslog
server. One of the big deficiencies of the stock syslogd that
comes with many Linux/UNIX operating systems is that it doesn't
provide the ability to keep the hostname [...]
Date Published: Apr 15, 2010 - 11:55 am
In a previous post, I described a spam attack the syslog forum was
under. The attack intensified pretty dramatically after that post.
This time, though, it was a focused attack by a bot-net registering
dozens of accounts per hour. I had read that the CAPTCHA system in
SMF, even at the highest setting, had been [...]
Date Published: Apr 12, 2010 - 6:27 am
I have managed the syslog.org site for over a decade now and I have
seen a lot of spammers. Fighting the spam battle used to be
pretty straightforward on this low volume forum running the Simple
Machines software. When a forum only gets a few posts a week,
it’s pretty easy to pick out [...]
Date Published: Apr 08, 2010 - 8:54 pm
Earlier in my career, I was the IT director for a medium sized
enterprise and had responsibility for information security, in
addition to networking, server ops, help desk, etc. I was
fortunate to be able to start with a mostly clean slate and had the
help of many talented and energetic thinkers. The company was
[...]
Date Published: Mar 27, 2010 - 9:32 pm
Windows does not natively support sending its Event Logs out as
syslog messages. There are a number of applications that will
translate Windows Event Logs to syslog. A partial list is:
EventReporter, Snare, NTSyslog.
Why Send Event Logs To A Syslog Server?
There are a few good reasons to export Windows Event Logs
as syslog messages. [...]
Date Published: Mar 22, 2010 - 3:44 pm
Log data can provide benefits beyond the obvious notification of
system events and security happenings. Aggregated logs from a
system or from multiple systems can provide a more complete picture
of problems when those logs are correlated together. To any
experienced administrator, this is obvious. Consider the
following environment: In this scenario, the administrator is [...]
Date Published: Mar 15, 2010 - 1:54 pm
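The two points above (a single time base for reconstructing an incident, and correlating aggregated logs from several systems) come down to the same operation: convert every host's local timestamps to one reference (UTC), merge them into a single ordered timeline, then look for events that cluster together. The following is an added example written for this page, not code from the posts it summarizes. The host names, their UTC offsets and the BSD-syslog lines are all constructed for the example; BSD-syslog timestamps carry no year or zone, so the year and a per-host offset table are assumptions a real deployment would have to supply (or avoid entirely by logging in UTC with ISO 8601 timestamps).

```python
"""Normalise BSD-syslog lines from hosts in different zones to UTC and correlate them.

Added example for this page; not code from the original posts.
"""
from datetime import datetime, timedelta, timezone

# Assumption: the zone each (hypothetical) host's clock is set to, as a fixed UTC offset in hours.
HOST_UTC_OFFSET_HOURS = {"fw1": -5, "web1": 0, "db1": 10}

# Constructed sample lines, "Mmm dd HH:MM:SS host tag: message", each in the host's local time.
# All four hosts are NTP-synced; only the zone differs. The last three describe one event
# (a source scanned the firewall, then hit sshd, then the app account failed on the DB).
SAMPLE_LOGS = [
    "Dec 29 21:45:10 fw1 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 DPT=22",
    "Dec 30 02:45:12 web1 sshd[412]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "Dec 30 12:45:15 db1 mysqld: Access denied for user 'root'@'192.0.2.10'",
    "Dec 30 02:40:00 web1 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
]


def parse_line(line, year=2011):
    """Parse one BSD-syslog line; 'ts' is UTC-aware, 'naive' is the wall-clock time as logged."""
    month, day, clock, host, rest = line.split(None, 4)
    naive = datetime.strptime(f"{month} {day} {clock} {year}", "%b %d %H:%M:%S %Y")
    zone = timezone(timedelta(hours=HOST_UTC_OFFSET_HOURS[host]))  # assumed per-host offset
    return {
        "ts": naive.replace(tzinfo=zone).astimezone(timezone.utc),
        "naive": naive,
        "host": host,
        "msg": rest,
    }


def timeline(lines, year=2011):
    """Merge lines from all hosts into one list ordered by UTC time."""
    return sorted((parse_line(line, year) for line in lines), key=lambda e: e["ts"])


def group_incidents(events, window_seconds=60):
    """Split a UTC-ordered timeline into groups; a gap larger than the window starts a new group."""
    groups = []
    for event in events:
        if groups and (event["ts"] - groups[-1][-1]["ts"]).total_seconds() <= window_seconds:
            groups[-1].append(event)
        else:
            groups.append([event])
    return groups


def span_seconds(events, key):
    """Time between the earliest and latest event, measured on the given timestamp field."""
    stamps = [e[key] for e in events]
    return (max(stamps) - min(stamps)).total_seconds()


if __name__ == "__main__":
    ordered = timeline(SAMPLE_LOGS)
    for e in ordered:
        print(e["ts"].isoformat(), e["host"], e["msg"])
    incidents = group_incidents(ordered)
    attack = incidents[-1]
    print("hosts in the clustered incident:", [e["host"] for e in attack])
    print("spread in UTC:", span_seconds(attack, "ts"), "s;",
          "spread on raw wall clocks:", span_seconds(attack, "naive"), "s")
```

Sorted on the raw wall-clock values, the firewall drop appears to happen five hours before the ssh failure and the database denial fifteen hours after it; in UTC the three are five seconds apart and fall into one group, while the unrelated cron line stays separate. The offset table is the fragile part: it has to track DST and any host whose zone changes, which is exactly why the best-practice post recommends one time base for everything.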
I have a few servers at a colocation datacenter for running a
number of sites, including this one. I have written before
about detecting brute force attacks in logs. I have
been watching the attacks continue in my logs, and have noticed a
few things: 1. The attacks, as before, are coming from many
different [...]
Date Published: Mar 10, 2010 - 7:53 pm
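A small detector for the brute-force pattern in the post above, written as an added example for this page rather than taken from it. It parses OpenSSH "Failed password" lines and looks for two shapes of attack: a single source making many attempts, and the distributed form where many sources each make only one or two attempts against the same account, which a per-IP threshold alone never fires on. The host name, PIDs, addresses and the log lines themselves are constructed for the example; the thresholds are assumptions to tune against your own baseline.

```python
"""Single-source and distributed SSH password-guessing detection over sshd log lines.

Added example for this page; the sample lines, host and thresholds are constructed.
"""
import re
from collections import Counter, defaultdict

# OpenSSH failure line; the "invalid user" prefix appears when the account does not exist.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample log: one noisy source hammering root, five sources each trying
# 'admin' once, one legitimate typo from alice, and a successful key login to ignore.
SAMPLE_LOGS = (
    [f"Mar 10 19:01:0{i} colo1 sshd[80{i}]: Failed password for root "
     f"from 198.51.100.5 port 4{i}000 ssh2" for i in range(1, 7)]
    + [f"Mar 10 19:02:1{i} colo1 sshd[90{i}]: Failed password for invalid user admin "
       f"from 203.0.113.1{i} port 5{i}000 ssh2" for i in range(1, 6)]
    + ["Mar 10 19:03:30 colo1 sshd[999]: Failed password for alice from 192.0.2.44 port 60000 ssh2",
       "Mar 10 19:03:41 colo1 sshd[1000]: Accepted publickey for alice from 192.0.2.44 port 60001 ssh2"]
)


def parse_failures(lines):
    """Return (user, source_ip) for every failed password line; other lines are skipped."""
    failures = []
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            failures.append((m.group("user"), m.group("ip")))
    return failures


def single_source_offenders(failures, threshold=5):
    """Sources with at least `threshold` failures, regardless of account."""
    per_ip = Counter(ip for _, ip in failures)
    return {ip: n for ip, n in per_ip.items() if n >= threshold}


def distributed_targets(failures, min_sources=4, max_per_source=2):
    """Accounts hit from at least `min_sources` addresses that each stay at or under `max_per_source`.

    This is the low-and-slow case: every address is below a per-IP rate limit, so the
    signal is the number of distinct sources converging on one account.
    """
    per_user = defaultdict(Counter)
    for user, ip in failures:
        per_user[user][ip] += 1
    targets = {}
    for user, sources in per_user.items():
        quiet_sources = [ip for ip, n in sources.items() if n <= max_per_source]
        if len(quiet_sources) >= min_sources:
            targets[user] = sorted(quiet_sources)
    return targets


if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LOGS)
    print("noisy sources:", single_source_offenders(failures))
    print("distributed targets:", distributed_targets(failures))
```

The per-IP check is what a tool like fail2ban blocks on; the per-account check is the one worth adding to a central syslog server, because it only works once the failures from every host are in one place and can be counted together.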