From owner-freebsd-security Mon Feb 19 2: 5: 7 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gwdu42.gwdg.de (gwdu42.gwdg.de [134.76.10.26]) by hub.freebsd.org (Postfix) with ESMTP id D473137B401 for ; Mon, 19 Feb 2001 02:05:01 -0800 (PST)
Received: from partner.uni-psych.gwdg.de ([134.76.136.114]) by gwdu42.gwdg.de with esmtp (Exim 3.14 #18) id 14UnBa-0005ft-00; Mon, 19 Feb 2001 11:04:50 +0100
Mime-Version: 1.0
X-Sender: rbeer@popper.gwdg.de
Message-Id:
In-Reply-To: <20010218170753.A85795@numachi.com>
References: <20010218170753.A85795@numachi.com>
Date: Mon, 19 Feb 2001 11:04:41 +0100
To: Brian Reichert
From: Ragnar Beer
Subject: Re: Remote logging
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Date: Sun, 18 Feb 2001 17:05:07 -0500
>From: Brian Reichert
>To: Carroll Kong
>Subject: Re: Remote logging
> snip
>- The host(s) generating syslog packets: your log auditing would
>  involve looking for traffic anomalies.  Absence of syslog packets
>  from any one host is an anomaly. :)

That's another thing I'm not familiar with: What are good tools for
log auditing? Are there any that do anomaly analysis?

Ragnar
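The "absence of syslog packets from any one host is an anomaly" check from the quoted text, sketched as an added example that is not part of the original message or any tool named in the thread. The host names, log lines, expected-host list and 30-minute threshold are constructed assumptions; the parser expects the classic BSD syslog line layout (`Mon DD HH:MM:SS host ...`).

```python
from datetime import datetime, timedelta

def parse_line(line, now):
    """Return (host, timestamp) for a BSD-syslog line, or None if malformed."""
    parts = line.split(None, 4)
    if len(parts) < 4:
        return None
    stamp = " ".join(parts[:3])
    try:
        # The stamp carries no year, so assume the collector's current year.
        ts = datetime.strptime(f"{now.year} {stamp}", "%Y %b %d %H:%M:%S")
        # A stamp that lands in the future is really from last year
        # (e.g. a December line read in February).
        if ts > now + timedelta(days=1):
            ts = ts.replace(year=now.year - 1)
    except ValueError:
        return None
    return parts[3], ts

def silent_hosts(lines, expected, now, max_gap):
    """Expected hosts with no message within max_gap of now (or none at all)."""
    last_seen = {host: None for host in expected}
    for line in lines:
        parsed = parse_line(line, now)
        if parsed is None:
            continue
        host, ts = parsed
        if host in last_seen and (last_seen[host] is None or ts > last_seen[host]):
            last_seen[host] = ts
    return sorted(h for h, ts in last_seen.items()
                  if ts is None or now - ts > max_gap)

# Constructed sample data: hosts and messages are illustrative only.
NOW = datetime(2001, 2, 19, 11, 0, 0)
EXPECTED = ["web1", "mail1", "db1", "fw1", "old1"]
SAMPLE = [
    "Feb 19 10:58:01 web1 sshd[312]: Accepted password for alice",
    "Feb 19 10:59:30 mail1 sendmail[88]: queue run complete",
    "Feb 19 09:12:44 db1 cron[5]: (root) CMD (newsyslog)",
    "Dec 31 23:59:59 old1 kernel: shutdown",
    "this line is not syslog",
]

if __name__ == "__main__":
    for host in silent_hosts(SAMPLE, EXPECTED, NOW, timedelta(minutes=30)):
        print("no recent syslog traffic from", host)
```

The expected-host list has to be maintained separately from the logs; a host that has never sent anything cannot be discovered from the log stream itself.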