
Categorization of syslog/events for Linux & UNIX



#1
Mobi

Hi guys,

Hope you are fine and doing well. I am working on a task where I have to centrally collect all events from all nodes (Windows XP, Linux, UNIX and network devices).

We are going to use third-party software which will collect these events centrally. For Windows it will require WMI and admin rights on that machine to collect events, and for Linux/UNIX we have to send the syslog to this third-party software/application.

I do not want to get every event happening on the machines; that's why I have categorized the Windows events which will be critical for our environment. For that I got great help from a Microsoft document, but I do not have enough information for Linux/UNIX events/syslogs.

I would really appreciate it if you could help me in this regard and give me information about the different types of syslog and any documentation for implementing event monitoring related to Linux/UNIX systems, as I do not want syslog to degrade the performance of the system and the network. So I just want to select only those events which are critical.

Secondly, is there any way that for Windows we can also forward the events to this third-party application? I think the system admin will have a big issue with giving admin rights or even creating an ID that has admin rights on that system.

Thirdly, being the IT Security Analyst, do I have to look at all these events, or will I make the sys admin responsible for acting whenever a critical event is generated and they get an alert on it? What will be the role of the Security Analyst once the application is deployed?