
RE: [Full-Disclosure] write events log to CD?



I agree, it's not really useful to have them on printed paper (but, of
course, you could scan and OCR it ;)). Sending them to syslog makes
sense for many organizations. There are several solutions to do so. See
www.eventreporter.com or
http://www.intersectalliance.com/projects/Snare/ for examples.

Rainer

> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx 
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of 
> Barrie Dempster
> Sent: Monday, August 30, 2004 11:07 AM
> To: Ali Campbell
> Cc: Full Disclosure
> Subject: Re: [Full-Disclosure] write events log to CD?
> 
> On Mon, 2004-08-30 at 04:15, Ali Campbell wrote:
> > Sending logs to a printer makes the most sense to me. Absolutely 
> > unhijackable, and a good use for that old 9-pin dotmatrix and 2000 
> > sheets of traction feed paper you have in the cupboard.
> 
> Unless at some point you actually want to examine your logs.
> Even a moderately busy production server will produce so much crap
> from that printer that it would be a nightmare to examine, if you had
> any sort of incident. Not to mention all that wasted paper.
> 
> 
> I know that you can dump event logs to a file, I seem to recall it
> being scriptable too, although scripting the actual burning may be the
> issue here.
> However most good server versions of backup software will let you dump
> your event logs to their backup medium, which could be a CD-R.
> 
> If an incident does occur, event logs aren't a terribly great source
> of information, you'd be much better off paying attention to your
> IDS/IPS system.
> -- 
> Barrie Dempster (zeedo) - Fortiter et Strenue
> 
>   http://www.bsrf.org.uk
> 
> [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html