Comments for Logged

Comment on Interesting ssh Brute Force Attack From Botnet by Using Trends In Logs To Define New Security Requirements For Internet Facing Hosts | Logged

Thu, 11 Mar 2010 02:53:28 +0000

[...] datacenter for running a number of sites, including this one. I have written before about detecting brute force attacks in logs. I have been watching the attacks continue in my logs, and have noticed a few [...]

Comment on Logging Windows Events To Syslog Using Snare by admin

admin — Tue, 23 Feb 2010 22:32:24 +0000

No problem. Thanks for making Snare!

Comment on Logging Windows Events To Syslog Using Snare by Leigh

Leigh — Tue, 23 Feb 2010 21:33:35 +0000

Thanks for the positive comments on Snare!

Glad you liked the USB features – it was a real chore to get right.

Regards,

Leigh (InterSect/Snare developer).

Comment on Logging Windows Events To Syslog Using Snare by Running Syslog-NG on Windows | Logged

Running Syslog-NG on Windows | Logged — Mon, 22 Feb 2010 16:24:45 +0000

[...] This post describes running syslog-ng as a server on Windows. In another post, we describe how to send Windows Event Logs to syslog. [...]

Comment on Building A Program To Manage And Monitor Administrators by Defining Log Management and Log Monitoring Objectives | Logged

Defining Log Management and Log Monitoring Objectives | Logged — Fri, 12 Feb 2010 23:19:27 +0000

[...] This is one area of log management that many organizations unintentionally overlook, because the perceived risk is not very high, the administrators are unaware of the options, and more commonly, the view that monitoring the activity of administrators is futile because such monitoring could be bypassed by a skilled administrator. In separate post, I describe a process to monitor the activities of administrators. [...]

Comment on Establishing a Hardened Syslog Log Server by Configuring SUDO for Effective Activity Monitoring Via Syslog | Logged

Configuring SUDO for Effective Activity Monitoring Via Syslog | Logged — Fri, 05 Feb 2010 22:26:45 +0000

[...] cover his tracks by deleting logs. This is best accomplished by streaming the logs to a hardened syslog server, where the administrator doesn’t have the ability to delete [...]

Comment on Establishing a Hardened Syslog Log Server by Building A Program To Manage And Monitor Administrators | Logged

Building A Program To Manage And Monitor Administrators | Logged — Sun, 24 Jan 2010 21:46:26 +0000

[...] user monitoring program”, defined later. Following the good practice of sending logs to a hardened log server for storage and processing will prevent determined administrators from covering his tracks by [...]

Comment on Establishing a Hardened Syslog Log Server by Using Syslog Logs For Validation of Security Policy Compliance | Logged

Using Syslog Logs For Validation of Security Policy Compliance | Logged — Fri, 07 Aug 2009 21:49:26 +0000

[...] ability to remove the log evidence of his presence, which is a very good reason to relay logs to a central syslog server. It then becomes imperative that administrators with access to root accounts on systems do not [...]

Comment on Logging Windows Events To Syslog Using Snare by Configuring syslog-ng to work with Snare | Logged

Configuring syslog-ng to work with Snare | Logged — Wed, 13 May 2009 23:57:35 +0000

[...] a previous post, we looked at installing Snare to log Windows events to a syslog server. Here, we will configure syslog-ng to accept messages from Snare and implement a few simple [...]

Comment on Why Using A Log Management Service Might Be Right For You by Establishing a Hardened Syslog Log Server | Logged

Establishing a Hardened Syslog Log Server | Logged — Wed, 29 Apr 2009 22:58:42 +0000

[...] The depth of protections that may need to be applied to a logs provides a good example of why a Log Management Service should be considered. Tags: Centralized Log Server, Log Management Service Published by admin on [...]