Darksat IT Security Forums
Categorization of syslog/events for Linux & UNIX

mobi_khan
« on: March 02, 2010, 06:24:58 am »

Hi guys,

Hope you are fine and doing well. I am working on a task where I have to centrally collect all events from all nodes (Windows XP, LINUX and UNIX and Network Devices).

We are going to use third-party software which will collect these events centrally. For Windows it requires WMI and admin rights on the machine to collect events, and for Linux/UNIX we have to send the syslog to this third-party software/application.

I do not want to get every event happening on the machines; that's why I have categorized the Windows events which will be critical for our environment. For that I got great help from a Microsoft document, but I do not have enough information for Linux/Unix events/syslogs.

I will really appreciate it if you can please help me in this regard and give me information about the different types of syslog, and any documentation for implementing event monitoring related to Linux/Unix systems, as I do not want syslog to degrade the performance of the system and the network. So I just want to select only those events which are critical.

Secondly, is there any way that for Windows we can also forward the events to this third-party application? I think the system admin will have a great issue with giving admin rights, or even creating an ID that has admin rights on that system.

Thirdly, being the IT Security Analyst, do I have to look at all these events, or will I make the sysadmin responsible to act whenever there is a critical event generated and they get an alert on it? What will be the role of the Security Analyst once the application is deployed?
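The question above asks how syslog events are typed and how to pick out only the critical ones before forwarding them to a central collector. The following is an added example, not code from the original poster or from any collector product: it decodes the `<PRI>` header that every syslog line carries (PRI = facility * 8 + severity, per RFC 3164/5424) into a facility name and a severity name, and then applies a simple forwarding policy. The policy itself (forward anything at `warning` or worse, plus everything from the `kern`, `auth` and `authpriv` facilities, and anything that cannot be parsed) is an assumption chosen for illustration; the sample log lines are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Facility codes 0-23 and severity codes 0-7 from the syslog PRI field
# (RFC 3164 / RFC 5424). PRI = facility * 8 + severity, so PRI <= 191.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# A syslog line starts with "<PRI>" followed by the rest of the message.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

# Assumed policy: these facilities are forwarded regardless of severity,
# because they carry kernel and authentication events a security analyst wants.
ALWAYS_FORWARD = frozenset({"kern", "auth", "authpriv"})


def decode_pri(pri: int) -> Tuple[str, str]:
    """Split a PRI value into (facility_name, severity_name)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_syslog_line(line: str) -> Dict[str, Optional[object]]:
    """Return facility, severity, numeric severity and message for one line.

    Lines without a valid PRI header get facility/severity None so the
    policy can treat them as unclassified rather than silently losing them.
    """
    text = line.strip()
    m = PRI_RE.match(text)
    if m is None:
        return {"facility": None, "severity": None, "severity_code": None, "message": text}
    pri = int(m.group(1))
    try:
        facility, severity = decode_pri(pri)
    except ValueError:
        return {"facility": None, "severity": None, "severity_code": None, "message": text}
    return {"facility": facility, "severity": severity,
            "severity_code": pri % 8, "message": m.group(2)}


def should_forward(event: Dict[str, Optional[object]], max_severity_code: int = 4,
                   always_forward=ALWAYS_FORWARD) -> bool:
    """Decide whether an event goes to the central collector.

    max_severity_code=4 means "warning" and anything more severe (lower code).
    """
    if event["facility"] is None:
        # Unclassifiable input is forwarded so a human can look at it.
        return True
    if event["facility"] in always_forward:
        return True
    return event["severity_code"] <= max_severity_code


def categorize(lines: List[str], max_severity_code: int = 4,
               always_forward=ALWAYS_FORWARD) -> Dict[str, List[dict]]:
    """Split raw syslog lines into the events to forward and the ones to drop."""
    result: Dict[str, List[dict]] = {"forward": [], "drop": []}
    for line in lines:
        ev = parse_syslog_line(line)
        bucket = "forward" if should_forward(ev, max_severity_code, always_forward) else "drop"
        result[bucket].append(ev)
    return result


# Constructed sample lines (hosts, PIDs and addresses are made up).
SAMPLE_LINES = [
    "<86>Mar  2 06:24:58 web01 sshd[1234]: Accepted password for alice from 192.0.2.10 port 51000 ssh2",   # authpriv.info
    "<38>Mar  2 06:25:01 web01 sshd[1240]: Failed password for invalid user admin from 192.0.2.77 port 40122 ssh2",  # auth.info
    "<30>Mar  2 06:25:05 web01 cron[500]: (root) CMD (run-parts /etc/cron.hourly)",                        # daemon.info
    "<27>Mar  2 06:25:10 web01 httpd[2200]: worker process exited on signal 11",                            # daemon.err
    "<0>Mar  2 06:25:12 web01 kernel: Out of memory: Kill process 2211 (mysqld)",                           # kern.emerg
    "<15>Mar  2 06:25:15 web01 app[77]: debug: cache hit ratio 0.93",                                        # user.debug
    "Mar  2 06:25:20 web01 app[77]: line with no PRI header",                                               # unparseable
]

if __name__ == "__main__":
    outcome = categorize(SAMPLE_LINES)
    for name in ("forward", "drop"):
        print(f"== {name} ({len(outcome[name])}) ==")
        for ev in outcome[name]:
            print(f"{ev['facility']}.{ev['severity']}: {ev['message']}")
```

Running the block as written forwards five of the seven sample lines and drops the two informational/debug lines from `daemon` and `user`. The threshold and the always-forward set are the two knobs that control volume on the network: tightening `max_severity_code` to 3 (`err`) and emptying `always_forward` shows how much of the authentication trail would then be lost, which is the trade-off the poster is asking about.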

f.perfect
« Reply #1 on: April 24, 2010, 01:11:02 am »

You can use Zabbix for that - its agents can collect from the Windows Event Log and they can also be configured to collect /var/log/messages on Linux hosts.