Hi All
I just discovered the Syslog plugin. Very helpful.
I need to maintain and monitor the events of two of my Domain Controllers (2008 R2), a file server (2008 R2) and a credit card server (2003 R2).
Cacti syslog is doing the right job for me.
My issue is:
1. Protecting the data inside the Syslog.
2. Protecting SNMP data (I did it before by implementing an IPsec policy when I had the Cacti server running under Windows)
My environment:
Cacti (CactiEZ 0.8.7g plugin 2.2)
Cacti server is a VM guest of Hyper-v Cluster
Domain 2008
Any idea?
10X
Protect SysLog Server & SNMP Data
- TheWitness
- Developer
- Posts: 17062
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
Re: Protect SysLog Server & SNMP Data
You need to implement an event log to syslog service on your domain controllers and have them forward the events to the syslog server. Then you'll be fine, although the Syslog Plugin does not display translated Windows events too well.
TheWitness
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Re: Protect SysLog Server & SNMP Data
Hi
I already installed Datagram SyslogAgent for Windows and it works great.
I did some fine-tuning for removals and alerts.
My issue: are there any security hazards of unauthorized users getting inside the Syslog and seeing the data? I heard there are...
- TheWitness
Re: Protect SysLog Server & SNMP Data
I don't think event log data is real critical. There are ways to exploit Databases with Syslog forwarders like syslog-ng and rsyslog, but I think both of these solutions have ways to sanitize the stream coming from foreign hosts. Even then, the only thing that can happen is that something that the syslog account has access to can be read. I don't think that you will expose the server unless you are running the daemon as 'root'.
So, the exposure is quite minor and not a Cacti issue per se.
TheWitness
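Added example, not part of the original thread and not code from Cacti, the Syslog plugin, syslog-ng or rsyslog: a sketch of the point in the reply above about sanitizing a syslog stream from foreign hosts before it reaches a database. The table layout, function names and sample lines are constructed assumptions; SQLite stands in for whatever database the collector writes to.

```python
import re
import sqlite3

# Constructed sample lines (BSD syslog style); hosts and messages are made up.
SAMPLES = [
    "<134>Jan 12 10:01:02 dc01 Security: An account was successfully logged on",
    "<134>Jan 12 10:01:03 fs01 App: user O'Brien opened share",
    "<134>Jan 12 10:01:04 fs01 App: note', 'dc01') --",
]
LINE_RE = re.compile(r"^<(\d{1,3})>\w{3} [ \d]\d \d\d:\d\d:\d\d (\S+) (.*)$", re.S)
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")

def parse(line):
    """Return (priority, host, message), or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m or int(m.group(1)) > 191:  # highest valid PRI is 23*8+7
        return None
    # Replace control characters and cap the length before storage.
    return int(m.group(1)), m.group(2), CONTROL_RE.sub(" ", m.group(3))[:1024]

def store_unsafe(conn, rec):
    """String-built INSERT: message text becomes part of the SQL statement."""
    pri, host, msg = rec
    conn.execute("INSERT INTO logs (priority, message, host) "
                 f"VALUES ({pri}, '{msg}', '{host}')")

def store_safe(conn, rec):
    """Bound parameters: the message is always data, never SQL."""
    pri, host, msg = rec
    conn.execute("INSERT INTO logs (priority, message, host) VALUES (?, ?, ?)",
                 (pri, msg, host))

def run(store):
    """Load SAMPLES with the given store function; return (rows, dropped)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logs (priority INTEGER, message TEXT, host TEXT)")
    dropped = 0
    for rec in filter(None, map(parse, SAMPLES)):
        try:
            store(conn, rec)
        except sqlite3.Error:
            dropped += 1  # statement broken by the message text
    rows = conn.execute("SELECT host, message FROM logs ORDER BY rowid").fetchall()
    return rows, dropped

if __name__ == "__main__":
    print("unsafe:", run(store_unsafe))
    print("safe:  ", run(store_safe))
```

With the string-built statement the second line is dropped and the third is stored under host dc01 instead of fs01; with bound parameters all three lines are stored verbatim under the host that sent them.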