Comments on: Establishing a Hardened Syslog Log Server http://www.syslog.org/logged/establishing-a-hardened-syslog-log-server/ Event and Log Management Thu, 11 Mar 2010 02:53:28 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Configuring SUDO for Effective Activity Monitoring Via Syslog | Logged http://www.syslog.org/logged/establishing-a-hardened-syslog-log-server/comment-page-1/#comment-9 Configuring SUDO for Effective Activity Monitoring Via Syslog | Logged Fri, 05 Feb 2010 22:26:45 +0000 http://www.syslog.org/logged/?p=78#comment-9 [...] cover his tracks by deleting logs.  This is best accomplished by streaming the logs to a hardened syslog server, where the administrator doesn’t have the ability to delete [...] [...] cover his tracks by deleting logs.  This is best accomplished by streaming the logs to a hardened syslog server, where the administrator doesn’t have the ability to delete [...]

]]> By: Building A Program To Manage And Monitor Administrators | Logged http://www.syslog.org/logged/establishing-a-hardened-syslog-log-server/comment-page-1/#comment-8 Building A Program To Manage And Monitor Administrators | Logged Sun, 24 Jan 2010 21:46:26 +0000 http://www.syslog.org/logged/?p=78#comment-8 [...] user monitoring program”, defined later.  Following the good practice of sending logs to a hardened log server for storage and processing will prevent determined administrators from covering his tracks by [...] [...] user monitoring program”, defined later.  Following the good practice of sending logs to a hardened log server for storage and processing will prevent determined administrators from covering his tracks by [...]

]]> By: Using Syslog Logs For Validation of Security Policy Compliance | Logged http://www.syslog.org/logged/establishing-a-hardened-syslog-log-server/comment-page-1/#comment-7 Using Syslog Logs For Validation of Security Policy Compliance | Logged Fri, 07 Aug 2009 21:49:26 +0000 http://www.syslog.org/logged/?p=78#comment-7 [...] ability to remove the log evidence of his presence, which is a very good reason to relay logs to a central syslog server.  It then becomes imperative that administrators with access to root accounts on systems do not [...] [...] ability to remove the log evidence of his presence, which is a very good reason to relay logs to a central syslog server.  It then becomes imperative that administrators with access to root accounts on systems do not [...]

]]>