From: Dmitri Smirnov (Dmitri.SmirnovROUNDHEAVEN.COM)
Date: Wed May 02 2001 - 11:06:49 CDT


    I tried. I tried PIX v5.3 with syslog-ng.
    Worked fine until I decided to stop syslog-ng.
    PIX went to panic and died.

    Dmitri

    -----Original Message-----
    From: Greg Shipley
    To: FOCUS-IDSSECURITYFOCUS.COM
    Sent: 02/05/2001 12:03 AM
    Subject: Syslog over TCP (WAS: Re: New method)

    On Mon, 30 Apr 2001, Devdas Bhagat wrote:

    > > Yeah, that's why I mentioned syslog. If you put your mind to it, you
    > > can do a LOT with swatch and similar tools.
    > Yeah, syslog is both a good and bad example.
    > It is bad in that it is merely a best effort guarantee, and what we
    > need is actual guarantee. (syslog over TCP?)

    This is a bit of a tangent, and I won't even pretend that I've read that
    entire "New Method" thread (yet), but the above reminded me that I spotted
    something in the new PIX OS that caught my interest: Syslog over TCP.
    The new PIX OS (v6) has a log to TCPSyslog feature. Have I tried it yet?
    No - but it looks cool. :)

    A few questions for the list:

    a) does anyone know any more about this?
    b) is this a standard, or some Cisco-only implementation?
    c) finally, are there open syslog servers that support this?

    I'll try and dig some info out of my Cisco contacts, but IMHO this is
    interesting. Replacement to the secure-syslog working group? Heck no -
    but definitely interesting.

    -Greg