2

My Question: Does such a service currently exist, and if so, where on the web?

Details: I understand that I can pay a consultant to build and host such a system, but I am wanting something that is subsidized by "enterprises" paying $$$$$ for stuff and power users getting to piggy-back on the infrastructure for only $. A "non-commercial" option for us power geeks.

I'm looking for a service to securely store syslog-ish information.

I have a few home computers, a few hosted virtual servers, misc websites, etc. They all generate various warnings, alerts, info messages, etc. through various means. I also have accounts at free website monitoring services to alert me when a website goes down.

I can't trust my own skills to "guarantee" that my own sites are secure, so I want to use somebody else's professionally secured web service to keep my messages. I want to store warning messages, alerts, audit trails, etc. Something SNMP-ish. Something syslog-ish.

Wants:

  • encrypted connection required
  • a write-only PKI cert for my machines to push data
  • a separate read-only PKI cert for me to view/retrieve data.
  • data cannot be deleted in real-time (harder for hackers to erase their tracks)
  • data can only be deleted via a more secure human-in-the-loop method (again to make it more difficult for hackers)
  • option for encrypted backups to optical media automated and shipped to my home at chosen intervals.
  • "virtually unlimited" storage for my messages.
  • open API that leverages/wraps ssl tunneled SNMP, syslog, etc.

Basically I don't trust my own skills and want to pay somebody else to "insure" that I can have logs and audit trails, etc. even after a complete physical disaster or comprehensive hacking of all my systems.

tinjaw
  • darn! If you'd asked this a year ago, I could've recommended two appliances.. but I can't recall their names now :( – warren Sep 07 '09 at 01:49

4 Answers

2

This is a previous answer of mine to a different question but I think it might help you if you can't find a better option.

I think that a lot of your "wants" could be addressed by using syslog-ng, stunnel, and then hardening the syslog server. The main key here seems to be simply making your syslog server as secure as possible. Limit the connections it accepts, etc, etc.

My original post can be found here:

How would you send syslog *securely* over the public Internet?

There are also other people's answers which might be able to point you in the right direction as well.


Have you tried syslog-ng and stunnel?

  1. Install Stunnel
  2. Create certificate files for syslog-ng over Stunnel
  3. Configure Stunnel for Use With syslog-ng
  4. Install syslog-ng
  5. Configure syslog-ng
  6. DONE!

NOTE:

Stunnel (http://www.stunnel.org) is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

KPWINC
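
A sketch of the syslog-ng over stunnel layout outlined in the answer above, added here as an example and not taken from the answer or from either project's documentation. The host name `loghost.example.net`, the ports, the file paths and the source name `s_local` are assumptions.

```conf
; --- client: /etc/stunnel/stunnel.conf (all paths are assumptions) ---
client = yes
; this machine's own certificate and key, used only to push data
cert = /etc/stunnel/client.pem
; CA that signed the log server's certificate
CAfile = /etc/stunnel/ca.pem
; refuse the server unless its certificate validates
verify = 2
[syslog-ng]
; the local syslog-ng writes here in clear text, loopback only
accept = 127.0.0.1:514
; placeholder log server, reached over SSL
connect = loghost.example.net:5140

# --- client: syslog-ng.conf fragment (s_local is an assumed existing source) ---
destination d_stunnel { tcp("127.0.0.1" port(514)); };
log { source(s_local); destination(d_stunnel); };

; --- server: /etc/stunnel/stunnel.conf ---
cert = /etc/stunnel/server.pem
; CA that signed the client certificates
CAfile = /etc/stunnel/ca.pem
; reject any client that does not present a valid certificate
verify = 2
[syslog-ng]
; the only log port exposed to the Internet
accept = 5140
; hand the decrypted stream to the local syslog-ng
connect = 127.0.0.1:514

# --- server: syslog-ng.conf fragment ---
# every connection arrives from 127.0.0.1, so keep the name in the message
options { keep_hostname(yes); };
source s_stunnel { tcp(ip("127.0.0.1") port(514)); };
destination d_remote { file("/var/log/remote/$HOST.log"); };
log { source(s_stunnel); destination(d_remote); };
```

Because stunnel hides the sender's address from syslog-ng, `$HOST` here is whatever name the client put in the message, so treat it as a label rather than proof of origin. The client certificate only lets a machine open the tunnel and send; reading the stored logs needs separate access on the server.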
1

You're describing a valuable service that, as far as I can tell, isn't saturated with companies jumping on the bandwagon.

The closest that my searches have come is LogLogic (http://loglogic.com/). Maybe you should talk to a representative there to see what services they offer. You might find what you're looking for.

Matt Simmons
0

http://loggly.com/ and https://logentries.com/ both look promising, though I haven't used either of them personally yet.

  • Whilst this may theoretically answer the question, [it would be preferable](http://meta.stackexchange.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – Scott Pack Oct 11 '12 at 18:33
0

http://www.spiceworks.com/ sounds like it might be right for you.

robbyt