Guest
2001-08-20T01:31:28Z

Date: Mon, 20 Aug 2001 09:31:28 -0700

I am very new to SL4NT so I apologize up front for asking such a basic question.

I'm tasked with resolving a security requirement where event log entries on a particular system are "replicated" to another system to which the administrator does not have access. This requirement is intended to provide alternate event logs in the event the administrator decides to tamper with the original logs on the system.

Can SL4NT provide this functionality? If not, does anyone know of a product that can? The only technical requirement is that the replication must be real-time, not a dump of the event logs at some scheduled interval.

Thanks, in advance, for any assistance provided. Again, sorry if this is not the correct forum for this question.

Maria Gudewicz

Guest
2001-08-20T20:30:24Z

Date: Mon, 20 Aug 2001 19:30:24 +0200

Hi Maria,

the functionality you need can be implemented using SL4NT by deploying a "Forward syslog message" action.

If such an action is configured on system A, a syslog message received at system A will then be forwarded as a syslog message to system B in 'realtime'.

Franz


Guest
2001-08-21T01:09:20Z

Date: Tue, 21 Aug 2001 09:09:20 -0700

Thanks for the information Franz. Another question, do I need a separate viewer on the second system in order to view the event log messages?

Thanks again,

Maria


Guest
2001-08-21T19:29:37Z

Date: Tue, 21 Aug 2001 18:29:37 +0200

Hi Maria,

> I'm tasked with resolving a security requirement where event log entries

Oops! Only now I see that you are talking about Event Log entries, not syslog messages!

I'm sorry to tell you that SL4NT does not process Event Log entries (it can log received syslog messages to the Event Log, but cannot use the Event Log as an information source).

You'll have to look for another tool which can do what you need.

Sorry,

Franz
