 From:  "Chris Buechler" <cbuechler at gmail dot com>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Fwd: [m0n0wall] Syslog server
 Date:  Thu, 29 Mar 2007 15:34:43 -0400
Below came to me, intended for list.

I've used Splunk before, it's a nice option (one of many) for syslog.

---------- Forwarded message ----------
From: Ryan Crisman <rcrisman at tentec dot com>
Date: Mar 29, 2007 3:29 PM
Subject: Re: [m0n0wall] Syslog server
To: Chris Buechler <cbuechler at gmail dot com>

I myself use a Linux server with Splunk on it to pull my logs from
m0n0wall.  Works very well too.

On 3/29/07, Chris Buechler <cbuechler at gmail dot com> wrote:
> On 3/29/07, nl at forststrasse27 dot de <nl at forststrasse27 dot de> wrote:
> > Hi,
> >
> > I'll switch to m0n0 (former astaro) and have a question considering
> > logging..
> >
> > As I am new to this stuff is there a HowTo or something for setting up a syslog
> > server and getting the logs in a proper format for reporting? (Traffic,
> > hardware, ...)
> How to go about setting up a syslog server depends on your desired
> server OS. If it's Windows, check out Kiwi syslog. If it's BSD or
> Linux, you can use the stock syslogd or something like syslog-ng,
> amongst other options. There's a lot of info out there on setting up
> syslog servers, specific to whatever OS and software you want to use,
> and mailing lists or forums specific to that software that will likely
> be more helpful with that aspect than this list would be, simply
> because you'll find more relevant talent and experience with your
> specific situation there.
> After you get the logs over to a syslog server, for reporting, look at
> any number of firewall reporting packages that support ipfilter
> version 3.x. That's the firewalling software m0n0wall uses and its
> logs are what you'll be dealing with. Most every firewall reporting
> software supports ipfilter logs, and there are a bunch of options for
> reporting software as well, both commercial and free/open source.
> Google will find plenty.
> -Chris

Ryan Crisman
Ten-Tec, Inc.
1185 Dolly Parton Parkway
Sevierville TN, 37862