Date parsed: 8/20/2001 1:31:28 AM
Date: Mon, 20 Aug 2001 09:31:28 -0700

I am very new to SL4NT so I apologize up front for asking such a basic
question.

I'm tasked with resolving a security requirement where event log entries on
a particular system are "replicated" to another system in which
administrator does not have access. This requirement is intended to provide
alternate event logs in the event the administrator decides to tamper with
the original logs on the system.

Can SL4NT provide this functionality? If not, does anyone know of a product
that can? The only technical requirement is that the replication must be
real-time, not a dump of the event logs at some scheduled interval.

Thanks, in advance, for any assistance provided. Again, sorry if this is
not the correct forum for this question.

Maria Gudewicz

Date parsed: 8/20/2001 8:30:24 PM
Date: Mon, 20 Aug 2001 19:30:24 +0200

Hi Maria,

the functionality you need can be implemented using SL4NT by deploying a
"Forward syslog message" action.
If such an action is configured on system A, a syslog message received at
system A will then be forwarded as a syslog message to system B in
'realtime'.

Franz



"Maria Gudewicz" <lvgudewicz@yahoo.com> wrote in message
news:VCcW1XZKBHA.1632@is1.netal.com...
> I am very new to SL4NT so I apologize up front for asking such a basic
> question.
>
> I'm tasked with resolving a security requirement where event log entries
on
> a particular system are "replicated" to another system in which
> administrator does not have access. This requirement is intended to
provide
> alternate event logs in the event the administrator decides to tamper with
> the original logs on the system.
>
> Can SL4NT provide this functionality? If not, does anyone know of a
product
> that can? The only technical requirement is that the replication must be
> real-time, not a dump of the event logs at some scheduled interval.
>
> Thanks, in advance, for any assistance provided. Again, sorry if this is
> not the correct forum for this question.
>
> Maria Gudewicz
>
>

Date parsed: 8/21/2001 1:09:20 AM
Date: Tue, 21 Aug 2001 09:09:20 -0700

Thanks for the information Franz. Another question, do I need a separate
viewer on the second system in order to view the event log messages?
Thanks again,
Maria

"Franz Krainer" <franzk@netal.com> wrote in message
news:WjH2L3ZKBHA.1632@is1.netal.com...
> Hi Maria,
>
> the functionality you need can be implemented using SL4NT by deploying a
> "Forward syslog message" action.
> If such an action is configured on system A, a syslog message received at
> system A will then be forwarded as a syslog message to system B in
> 'realtime'.
>
> Franz
>
>
>
> "Maria Gudewicz" <lvgudewicz@yahoo.com> wrote in message
> news:VCcW1XZKBHA.1632@is1.netal.com...
> > I am very new to SL4NT so I apologize up front for asking such a basic
> > question.
> >
> > I'm tasked with resolving a security requirement where event log entries
> on
> > a particular system are "replicated" to another system in which
> > administrator does not have access. This requirement is intended to
> provide
> > alternate event logs in the event the administrator decides to tamper
with
> > the original logs on the system.
> >
> > Can SL4NT provide this functionality? If not, does anyone know of a
> product
> > that can? The only technical requirement is that the replication must
be
> > real-time, not a dump of the event logs at some scheduled interval.
> >
> > Thanks, in advance, for any assistance provided. Again, sorry if this
is
> > not the correct forum for this question.
> >
> > Maria Gudewicz
> >
> >
>
>

Date parsed: 8/21/2001 7:29:37 PM
Date: Tue, 21 Aug 2001 18:29:37 +0200

Hi Maria,

> I'm tasked with resolving a security requirement where event log entries

oops! Only now I see that you are talking about Event Log entries, not
syslog messages!

I'm sorry to tell you that SL4NT does not process Event Log entries (it can
log received syslog messages to the Event Log, but can not use the Event Log
as information source).

You'll have to look for another tool which can do what you need.

Sorry,
Franz

"Maria Gudewicz" <lvgudewicz@yahoo.com> wrote in message
news:3c0POwlKBHA.1632@is1.netal.com...
> Thanks for the information Franz. Another question, do I need a separate
> viewer on the second system in order to view the event log messages?
> Thanks again,
> Maria
>
> "Franz Krainer" <franzk@netal.com> wrote in message
> news:WjH2L3ZKBHA.1632@is1.netal.com...
> > Hi Maria,
> >
> > the functionality you need can be implemented using SL4NT by deploying a
> > "Forward syslog message" action.
> > If such an action is configured on system A, a syslog message received
at
> > system A will then be forwarded as a syslog message to system B in
> > 'realtime'.
> >
> > Franz
> >
> >
> >
> > "Maria Gudewicz" <lvgudewicz@yahoo.com> wrote in message
> > news:VCcW1XZKBHA.1632@is1.netal.com...
> > > I am very new to SL4NT so I apologize up front for asking such a basic
> > > question.
> > >
> > > I'm tasked with resolving a security requirement where event log
entries
> > on
> > > a particular system are "replicated" to another system in which
> > > administrator does not have access. This requirement is intended to
> > provide
> > > alternate event logs in the event the administrator decides to tamper
> with
> > > the original logs on the system.
> > >
> > > Can SL4NT provide this functionality? If not, does anyone know of a
> > product
> > > that can? The only technical requirement is that the replication must
> be
> > > real-time, not a dump of the event logs at some scheduled interval.
> > >
> > > Thanks, in advance, for any assistance provided. Again, sorry if this
> is
> > > not the correct forum for this question.
> > >
> > > Maria Gudewicz
> > >
> > >
> >
> >
>
>