Razzle n00b
Joined: 12 Jan 2004 Posts: 50 Location: Berlin, Germany
Posted: Wed Feb 04, 2004 5:25 pm Post subject: syslog-ng configuration
Hi!
I want to configure syslog-ng so that I'm informed about important events on my system (security breaches and other problems). The most important things should be sent by mail.
I've been looking at the man-page and I've seen a few example configs but there are so many options, it's easy to miss some important things.
Can someone show me a good syslog-ng.conf and explain in short terms why he has set certain options (the most important are enough)?
I do not have a PC I could use as a log host at the moment, though I know this is much more secure than storing the logs locally.
Also, can you recommend me a tool that analyzes the logs and summarizes and displays them as an HTML page?
I've seen some when looking with Google, but a recommendation would be helpful anyway.
Shar n00b
Joined: 07 Jan 2004 Posts: 4 Location: Escondido, CA USA
Posted: Wed Feb 04, 2004 7:02 pm
There is a good config for syslog-ng to start with in the Gentoo Security Guide http://www.gentoo.org/doc/en/gentoo-security.xml. I highly recommend taking a look at the whole thing. The guide is quite well written (in this newb's opinion) and an excellent place to start with for all things relating to security.
As for an analyzer, I know I've seen a couple, but have only just started to use Webalizer to see what it can do. Webalizer is in the portage tree.
_________________
Linux user since 11/2001 # 345056
Gentoo user since 12/2003
Razzle n00b
Joined: 12 Jan 2004 Posts: 50 Location: Berlin, Germany
Posted: Wed Feb 04, 2004 7:35 pm
I read that one, I just wondered if there's anything else that might be important to log.
And I want the opinions of some users who are more experienced than me and maybe some useful hints or suggestions.