Feed: Logged

Event and Log Management

Samoa’s Time Zone Change Shows The Downside To Using Local Time For Time Stamps in Logs


Naked Security has a good post about Samoa’s move across the international date line. Using a single time base can be very valuable in recreating the history of an event or incident. Even if the clocks of all systems are synchronized using NTP, stitching together logs from systems in different time zones can be tedious, [...]
Date Published: Dec 29, 2011 - 9:45 pm



Logging and Syslog Best Practices


In this post, I will cover a basic set of best practices for managing logs. Depending on your specific objectives, regulatory requirements, and business constraints, there are likely to be a number of additional best practices. Forward syslog messages from clients to a secure syslog server. Enable NTP clock synchronization on all clients and on [...]
Date Published: Oct 04, 2010 - 7:16 pm



Reading Logs From A File In Syslog-NG


I had previously written a little snippet on how to pull logs in from a file, however there is a substantial amount more to consider when configuring syslog-ng to read from a file, so I have dedicated this post to reading logs from a text file. The basic structure for reading logs from a text [...]
Date Published: Jul 25, 2010 - 9:28 am


Pot Of Syslog-NG Tricks Version 3


Retaining the original hostname of the origin of syslog messages through a Syslog-NG relay

In some environments, syslog messages are concentrated and relayed through an intermediate syslog server. One of the big deficiencies of the stock syslogd that comes with many Linux/UNIX operating systems is that they don’t provide the ability to keep the hostname [...]
Date Published: Apr 15, 2010 - 11:55 am


Spam Attack Update


In a previous post, I described a spam attack the syslog forum was under. The attack intensified pretty dramatically after that post. This time, though, it was a focused attack by a bot-net registering dozens of accounts per hour. I had read that the CAPTCHA system in SMF, even at the highest setting, had been [...]
Date Published: Apr 12, 2010 - 6:27 am


Forum Spammers Abound


I have managed the syslog.org site for over a decade now and I have seen a lot of spammers. Fighting the spam battle used to be pretty straightforward on this low-volume forum running the Simple Machines software. When a forum only gets a few posts a week, it’s pretty easy to pick out [...]
Date Published: Apr 08, 2010 - 8:54 pm


Determining What To Monitor


Earlier in my career, I was the IT director for a medium-sized enterprise and had responsibility for information security, in addition to networking, server ops, help desk, etc. I was fortunate to be able to start with a mostly clean slate and had the help of many talented and energetic thinkers. The company was [...]
Date Published: Mar 27, 2010 - 9:32 pm


Windows Syslog


Windows does not natively support sending logs out as syslog messages. There are a number of applications that will translate Windows Event Logs to syslog. A partial list is: EventReporter, Snare, NTSyslog.

Why Send Event Logs To A Syslog Server?

There are a few good reasons to export Windows Event Logs as syslog messages. [...]
Date Published: Mar 22, 2010 - 3:44 pm


Log Analysis and Log Correlation Basics


Log data can provide benefits beyond the obvious notification of system events and security happenings. Aggregated logs from a system or from multiple systems can provide a more complete picture of problems when those logs are correlated together. To any experienced administrator, this is obvious. Consider the following environment: In this scenario, the administrator is [...]
Date Published: Mar 15, 2010 - 1:54 pm


Using Trends In Logs To Define New Security Requirements For Internet Facing Hosts


I have a few servers at a colocation datacenter for running a number of sites, including this one. I have written before about detecting brute force attacks in logs. I have been watching the attacks continue in my logs, and have noticed a few things: 1. The attacks, as before, are coming from many different [...]
Date Published: Mar 10, 2010 - 7:53 pm


Feed Details
Date Added: 04/24/2009
Date Approved: 04/24/2009
By: Anonymous