It is never too late to post your ideas. Maybe we consider them good enough to be put into an up2date, and at the least we will make a mental note for the next version.
Log deletion... is there a way we can get certain logs deleted at different intervals than others? Such as keep the portscan logs for 3 weeks then delete them, and HTTP logs be kept till the end of time or till the hard drive runs out of space, whichever comes first. The reason I'm asking this is because schools want to be able to keep logs of where students/teachers have been surfing for as long as possible, yet hardly will ever look at portscan logs or mail logs with the exception of spam/virus stats.
What about sending only the 'important' logfiles to a remote syslog server collecting all the data (e.g. from more than one ASL)?
Marcel, the only reason I wasn't leaning towards a syslog server is sheer politics... most of the schools have had their budget cut back & can't fit in a syslog server & several don't want the main School district buildings to handle it. They want the logs local & don't want anyone but their techs & a very few teachers within the school to be able to see those logs.