Hi guys,
vague question as it is... Say we need to filter only security related
events (from Cisco gear) on customer centralized syslog platform and
feed them into a security compliance tool-set (Tripwire Log Centre). I
know TLC is capable of sorting that out if you feed it a raw syslog
stream with whatever is coming from the network devices. But we have a
constraint not to create another syslog traffic flow. Would it be fair to
say all messages with severities up to informational carry security
events or can we exclude some event class(es) like critical?
Your suggestions would be very much appreciated.
Cheers
A.
Received on Fri Apr 26 2013 - 20:19:38 ART