On Mon, 2004-08-30 at 04:15, Ali Campbell wrote: > Sending logs to a printer makes the most sense to me. Absolutely > unhijackable, and a good use for that old 9-pin dotmatrix and 2000 > sheets of traction feed paper you have in the cupboard. Unless at some point you actually want to examine your logs. Even a moderately busy production server will produce so much crap from that printer that it would be a nightmare to examine, if you had any sort of incident. Not to mention all that wasted paper. I know that you can dump event logs to a file, I seem to recall it being scriptable too, although scripting the actual burning may be the issue here. However most good server versions of backup software will let you dump your event logs to their backup medium, which could be a CD-R. If an incident does occur, event logs aren't a terribly great source of information, you'd be much better off paying attention to your IDS/IPS system. -- Barrie Dempster (zeedo) - Fortiter et Strenue http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
Attachment:
signature.asc
Description: This is a digitally signed message part