In this post, I will demonstrate a way to capture logs from a series of log files, and relay those logs to a central log server, where the logs will be separated into log files, as they existed on the original host.
Reading from files
Syslog-ng has the ability to pull log data from files, then treat [...]
Post from: Logged - Log Management Blog, "Segregating Logs From Different Log Files On A Centralized Log Server Using Syslog-NG"
Date Published: Aug 23, 2009 - 2:22 pm
In a previous post, I wrote about the general use of syslog logs as a method of ensuring compliance with policy. This is a specific example of how one might use syslog to do that.
As IT operations mature, particularly in regulated environments, it is not uncommon for an organization’s security policy to require controls on [...]
Post from: Logged - Log Management Blog, "Using Syslog Logs For Validation of Security Policy Compliance"
Date Published: Aug 07, 2009 - 3:49 pm
An obvious weakness of the syslog network protocol is the ease of spoofing messages into a central syslog server. The default use of UDP as a transport and lack of any sort of authentication, in fact, make it trivial to spoof any part of a syslog message.
The most concerning issue with spoofing is faking the [...]
Post from: Logged - Log Management Blog, "How To Avoid Source Spoofing In Centralized Syslog Environments"
Date Published: May 17, 2009 - 2:04 pm
In a previous post, we looked at installing Snare to log Windows events to a syslog server. Here, we will configure syslog-ng to accept messages from Snare and implement a few simple customizations, including storing the logs in individual files. We will assume that Snare is operational for the purposes of this guide. Please see [...]
Post from: Logged - Log Management Blog, "Configuring The Snare Windows Client And Syslog-NG To Work Together"
Date Published: May 13, 2009 - 5:57 pm
Maintaining a reliable and secure repository of logs is important for many reasons: establishing a forensic trail of evidence in the case of fraud or attack, and enabling event correlation across many devices, among others. Particularly in regulated industries, management should enact controls that prevent security, application and system logs from being tampered with.
Many organizations [...]
Post from: Logged - Log Management Blog, "Establishing a Hardened Syslog Log Server"
Date Published: Apr 29, 2009 - 4:58 pm
I was just catching up on my reading on Technorati and came across this article that details the ways attackers can cover their tracks upon compromising a Windows server. This article should serve as a warning: if your logs are not moved off to a central server, you will lose visibility and key evidence on [...]
Post from: Logged - Log Management Blog, "On The Importance of Centralized Windows Event Logging"
Date Published: Apr 27, 2009 - 1:55 pm
There are now a bunch of commercial and open source agents that can run on a Windows system to take in Windows Event Logs and send them off to a syslog server. We’ll be looking at the Snare agent in this post.
As of this writing, Snare is compatible with Windows NT, 2000, XP, 2003 and [...]
Post from: Logged - Log Management Blog, "Logging Windows Events To Syslog Using Snare"
Date Published: Apr 22, 2009 - 5:28 pm
Reports from system logs for compliance generally have the same basic requirements regardless of the standard being measured – whether PCI, SOX or FFIEC. There are some foundational requirements for compliance reporting of logs to be considered effective:
The date/time is synchronized throughout the environment. This is vital to be able to correlate events between systems [...]
Post from: Logged - Log Management Blog, "What To Look For In A Compliance Report From Logs"
Date Published: Apr 21, 2009 - 3:10 pm
There are a growing number of Managed Security Service Providers (MSSPs), such as IBM, Symantec and Verisign, and other companies, such as Savvis, offering an outsourced service to collect and retain system logs, generally called a log management service (LMS). The initial instinct for many would be to reject such a crazy thought as [...]
Post from: Logged - Log Management Blog, "Why Using A Log Management Service Might Be Right For You"
Date Published: Apr 18, 2009 - 10:09 pm
I have been the subject of a pretty persistent brute force attack, where the attacker is attempting to ssh in with thousands of different host names and presumably weak passwords. Anyone who has run a server for a while has been the subject of such attacks. Typically, you can see the attack starting with names [...]
Post from: Logged - Log Management Blog, "Interesting ssh Brute Force Attack From Botnet"
Date Published: Apr 17, 2009 - 3:08 pm