LinuxSecurity.com: Flying Pigs: Snorting Next Generation Secure Remote Log Servers over TCP
Jun 06, 2002, 03:00
(Other stories by Eric Hines)
[ Thanks to LinuxSecurity Contributor for
this link. ]
"The precursor to this article, Creating Secure Remote Log
Servers, was the first in a series of papers focused on walking
readers through configuring and deploying secure remote log
servers. This second paper in the series offers a much more robust
alternative to first generation SYSLOG servers, providing a much
more reliable remote logging facility that is effective for use
within Honeynets (http://project.honeynet.org) and Intrusion
Detection System deployments. Remote log servers can provide
centralized logging capability for IDSs spread across large network
environments. I have proposed this approach for centralized logging
in large IDS deployments on government networks that typically
consist of multiple CLASS A networks.
"What this paper hopes to accomplish is to walk its readers
through building next generation secure remote log servers to use
in any environment, more specifically those wanting to utilize this
form of logging with the Snort Intrusion Detection System
(http://www.snort.org)..."