[ previous ] [ next ] [ threads ]
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Syslog server
 Date:  Thu, 29 Mar 2007 15:27:45 -0400
On 3/29/07, nl at forststrasse27 dot de <nl at forststrasse27 dot de> wrote:
> Hi,
> i'll switch to m0n0 (former astaro) and have a question considering
> logging..
> As I am new to this stuff is ther a HowTo or sth. For setting up a syslog
> server and getting the logs in a proper format for reporting? (Traffic,
> hardware, ...)

How to go about setting up a syslog server depends on your desired
server OS. If it's Windows, check out Kiwi syslog. If it's BSD or
Linux, you can use the stock syslogd or something like syslog-ng,
amongst other options. There's a lot of info out there on setting up
syslog servers, specific to whatever OS and software you want to use,
and mailing lists or forums specific to that software that will likely
be more helpful with that aspect than this list would be, simply
because you'll find more relevant talent and experience with your
specific situation there.

After you get the logs over to a syslog server, for reporting, look at
any number of firewall reporting packages that support ipfilter
version 3.x. That's the firewalling software m0n0wall uses and its
logs are what you'll be dealing with. Most every firewall reporting
software supports ipfilter logs, and there are a bunch of options for
reporting software as well, both commercial and free/open source.
Google will find plenty.