LogAnalysis
Re: [logs] Syslog and Windows Jun 22 2007 04:12PM
Gord Taylor (taylorgo gmail com) (1 replies)
Should also mention that the same people who make Monitorware and Winsyslog
also have a port of UNIX logger (www.monitorware.com/logger) that works
wonderfully. Previous versions were free (google), but I don't think their
free version supported syslog-ng (not sure about this, though).

Gord T. (GCIH, CISSP, GEEK)

On 6/22/07, Gord Taylor <taylorgo (at) gmail (dot) com [email concealed]> wrote:
>
> I've been using MonitorWare (and WinSyslog) for a long time as well and
> it's solid - never a problem when receiving logs from Windows, Unix, or
> Firewalls. From experience it can handle a large load as well - 6,000+
> event/sec sustained until I run out of disk :) It can route to file based on
> IP address as well, so any syslog priority conflicts can be resolved by
> routing based on IP. Also allows for alerting, SMTP e-mail, etc. Support
> for syslog-ng is stable too, not just traditional UDP. The previous version
> had a bug with TCP sessions being re-established too frequently but this has
> been fixed.
>
> I can also echo the same experiences Johnny has had with Snare and
> restarts, but it happens more frequently than I like.
>
> I've also used NTSyslog (old), which Snare inherited its code base from; it
> seems to have the same periodic problems under heavy load where it will
> just slow down and start skipping events. A restart resolves it, but it is hard
> to identify until well after the problem has occurred (log loss).
>
> I've started playing with Lasso (which is the only syslog-ng for Windows I
> know of), but haven't used it in production. In playing with it though, I've
> found that some of the logs get wrapped to 2 lines under load when it caches
> to disk. I have NOT investigated the cause for this, so it might just be
> something in my implementation. One issue that CAN be a problem with Lasso
> (especially with the new log format under Longhorn) is that they hard-code a
> maximum log line length of 1024 bytes. Even with Windows 2003's object
> auditing, an event can get longer than this.
>
>
> On 6/22/07, jcalhoun (at) securityeventmonitoring (dot) com [email concealed] <jcalhoun (at) securityeventmonitoring (dot) com [email concealed]>
> wrote:
> >
> >
> > Snare - Free and easy to setup
> >
> > MonitorWare - small fee, but dependable and has ability to monitor flat
> > files
> >
> > Lasso - Free and most scalable solution, doesn't require an agent on
> > every machine you wish to retrieve logs from. Requires Domain Admin or
> > Local Admin privs to pull logs.
> >
> > I have used both Snare and Monitorware extensively on thousands of
> > devices. Sometimes Snare will have to be restarted, or it loses its
> > place in the log and suddenly sends you the entire queue from the
> > beginning, but you get what you pay for :). We are beginning to look
> > into Lasso more and more due to its agent-less design and ease of
> > deployment and maintenance.
> >
> > Thanks,
> > Johnny Calhoun
> > jcalhoun (at) securityeventmonitoring (dot) com [email concealed]
> >
> >
> > > -------- Original Message --------
> > > Subject: [logs] Syslog and Windows
> > > From: "Bill Scherr IV" <bschnzl (at) cotse (dot) net [email concealed]>
> > > Date: Fri, June 22, 2007 12:35 am
> > > To: loganalysis <loganalysis (at) loganalysis (dot) org [email concealed]>
> > >
> > > All...
> > >
> > >    What do you suggest for sending Windows logs to syslog?
> > >
> > > B.
> > >
> > > On 18 Jun 2007, a message purporting to be from Chris Brenton appeared:
> > >
> > > Subject: Re: [logs] Facility 101 (was: Syslog and facilities)
> > > From: Chris Brenton <cbrenton (at) chrisbrenton (dot) org [email concealed]>
> > > To: loganalysis <loganalysis (at) loganalysis (dot) org [email concealed]>
> > > Date sent: Mon, 18 Jun 2007 09:04:41 -0400
> > >
> > > > The other problem is some of the facilities are a bit dated. For example
> > > > there is a facility for FTP (11) but not HTTP. UUCP even has its own
> > > > facility (8) but of course no one uses it anymore (I use it for my Windows
> > > > stuff. Keeps it from getting mixed in with other log entries ;-)
> > > >
> > >
> > > Bill Scherr IV, GSEC, GCIA
> > > Principal Security Engineer
> > > EWA Information and Infrastructure Technologies
> > > bscherr (at) iit-tek (dot) com [email concealed]
> > > bscherr (at) ewa (dot) com [email concealed]
> > > 703-478-7608
> > >
> > > _______________________________________________
> > > LogAnalysis mailing list
> > > LogAnalysis (at) loganalysis (dot) org [email concealed]
> > > http://www.loganalysis.org/mailman/listinfo/loganalysis
> >
> > _______________________________________________
> > LogAnalysis mailing list
> > LogAnalysis (at) loganalysis (dot) org [email concealed]
> > http://www.loganalysis.org/mailman/listinfo/loganalysis
> >
>
>
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis
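The facility question in Chris Brenton's quoted note and the 1024-byte cap Gord raises against Lasso both come down to how an RFC 3164 packet is laid out: a `<PRI>` of facility*8+severity, a fixed-form timestamp and host, then the message, with the whole thing capped at 1024 bytes. The Python below is an added example written for this page, not code from Lasso, Snare, MonitorWare, WinSyslog or any other tool in the thread. It encodes a constructed Windows 2003 object-audit record as syslog under a chosen facility, flattens the CR/LF runs the event text carries (a bare newline in a message is one way an event ends up written as two lines), and, rather than truncating at the cap, splits an oversize message into numbered parts that a receiver can put back together. The event record, host name, timestamp, the `Source[EventID]` tag and the `[part n/m]` labelling are all assumptions for illustration; the constructed record is under 1024 bytes, so the stand-alone run also forces a split with a 300-byte cap to exercise that path.

```python
"""RFC 3164 syslog encoder/decoder for Windows event records (added example).

Handles two points from the thread: picking a facility for Windows traffic
(Chris Brenton borrows UUCP, 8) and the 1024-byte packet cap that makes an
agent with a hard-coded limit cut long object-audit events short.  Oversize
messages are split into numbered parts instead of being truncated.
"""
import re
from datetime import datetime

# RFC 3164 facility codes.  UUCP (8) is idle on most hosts, which is why it
# gets repurposed for Windows; local0-local7 are the conventional alternative.
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
# Windows event types mapped onto syslog severities (a local convention).
TYPE_SEVERITY = {"Error": "err", "Warning": "warning", "Information": "info",
                 "Success Audit": "notice", "Failure Audit": "warning"}
MAX_LEN = 1024                   # RFC 3164 section 4.1 packet cap
PART_LABEL = "[part 000/000] "   # fixed width so the size arithmetic is exact
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def pri(facility: str, severity: str) -> int:
    """PRI = facility * 8 + severity (RFC 3164 section 4.1.1)."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def header(facility: str, severity: str, ts: datetime, host: str, tag: str) -> str:
    """'<PRI>Mmm dd hh:mm:ss HOST TAG: ' with the day space-padded and no year."""
    return f"<{pri(facility, severity)}>{MONTHS[ts.month - 1]} {ts.day:2d} {ts:%H:%M:%S} {host} {tag}: "


def normalize(description: str) -> str:
    """Collapse the CR/LF and tab runs Windows puts in event text into spaces."""
    return re.sub(r"\s+", " ", description).strip()


def encode_event(event: dict, facility: str, ts: datetime, max_len: int = MAX_LEN) -> list[bytes]:
    """Encode one event as one or more packets, each at most max_len bytes."""
    severity = TYPE_SEVERITY.get(event["Type"], "info")
    tag = f"{event['Source']}[{event['EventID']}]"   # assumed tag convention
    hdr = header(facility, severity, ts, event["Computer"], tag).encode()
    body = normalize(event["Description"]).encode()
    if len(hdr) + len(body) <= max_len:
        return [hdr + body]
    room = max_len - len(hdr) - len(PART_LABEL)
    if room <= 0:
        raise ValueError("header alone exceeds max_len")
    chunks = [body[i:i + room] for i in range(0, len(body), room)]
    if len(chunks) > 999:
        raise ValueError("message too long for a 3-digit part counter")
    return [hdr + f"[part {i:03d}/{len(chunks):03d}] ".encode() + c
            for i, c in enumerate(chunks, 1)]


SYSLOG_RE = re.compile(
    rb"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    rb"(?P<host>\S+) (?P<tag>[^: ]+): (?P<msg>.*)\Z", re.DOTALL)
PART_RE = re.compile(rb"^\[part (\d{3})/(\d{3})\] (.*)\Z", re.DOTALL)


def parse_packet(packet: bytes) -> dict:
    """Split a packet into PRI fields, header fields and message (kept as bytes)."""
    m = SYSLOG_RE.match(packet)
    if not m or int(m["pri"]) > 191:
        raise ValueError("not a valid RFC 3164 packet")
    p = int(m["pri"])
    return {"facility": p // 8, "severity": p % 8, "timestamp": m["ts"].decode(),
            "host": m["host"].decode(), "tag": m["tag"].decode(), "msg": m["msg"]}


def reassemble(packets: list[bytes]) -> dict:
    """Parse the packets of one event and stitch numbered parts back together.

    Raises ValueError when a part is missing; over UDP that means the event
    was lost, and the caller should alert rather than file a fragment."""
    records = [parse_packet(p) for p in packets]
    pieces, total = {}, 1
    for rec in records:
        m = PART_RE.match(rec["msg"])
        if m:
            total = int(m[2])
            pieces[int(m[1])] = m[3]
        else:
            pieces[1] = rec["msg"]
    if sorted(pieces) != list(range(1, total + 1)):
        raise ValueError(f"have parts {sorted(pieces)} of {total}")
    result = dict(records[0])
    result["msg"] = b"".join(pieces[i] for i in range(1, total + 1)).decode()
    return result


# Constructed record resembling a Windows 2003 "Object Open" (560) audit;
# not captured from a real host.
SAMPLE_EVENT = {
    "EventID": 560, "Source": "Security", "Type": "Success Audit",
    "Computer": "FILESRV01",
    "Description": "Object Open:\r\n\tObject Server:\tSecurity\r\n\tObject Type:\tFile\r\n"
    "\tObject Name:\tD:\\Shares\\Finance\\FY2007\\Q2\\Forecast\\Regional\\EMEA\\"
    "Consolidated_Revenue_Forecast_Working_Copy_Do_Not_Distribute.xls\r\n"
    "\tHandle ID:\t1340\r\n\tOperation ID:\t{0,1266741}\r\n\tProcess ID:\t4\r\n"
    "\tImage File Name:\tSystem\r\n\tPrimary User Name:\tFILESRV01$\r\n"
    "\tPrimary Domain:\tCORP\r\n\tPrimary Logon ID:\t(0x0,0x3E7)\r\n"
    "\tClient User Name:\tjdoe\r\n\tClient Domain:\tCORP\r\n"
    "\tClient Logon ID:\t(0x0,0x2A9C7)\r\n\tAccesses:\tREAD_CONTROL\r\n"
    "\t\t\tSYNCHRONIZE\r\n\t\t\tReadData (or ListDirectory)\r\n\t\t\tReadEA\r\n"
    "\t\t\tReadAttributes\r\n\t\t\tWriteData (or AddFile)\r\n"
    "\t\t\tAppendData (or AddSubdirectory)\r\n\t\t\tWriteEA\r\n\t\t\tWriteAttributes\r\n"
    "\tPrivileges:\t-\r\n\tRestricted Sid Count:\t0\r\n\tAccess Mask:\t0x12019F\r\n",
}
TS = datetime(2007, 6, 22, 16, 12, 0)   # constructed; RFC 3164 carries no year

if __name__ == "__main__":
    one = encode_event(SAMPLE_EVENT, "uucp", TS)
    print(len(one), "packet(s) at the 1024-byte cap,", len(one[0]), "bytes")
    parts = encode_event(SAMPLE_EVENT, "uucp", TS, max_len=300)  # small cap forces a split
    print(len(parts), "parts at a 300-byte cap; reassembled intact:",
          reassemble(parts)["msg"] == normalize(SAMPLE_EVENT["Description"]))
```

The part labelling is a local convention, not anything RFC 3164 defines, so sender and collector have to agree on it; the alternative of sending over TCP (as the syslog-ng support discussed above allows) avoids the UDP datagram ceiling but not a receiver's own hard-coded buffer. Either way, a collector that silently truncates loses exactly the tail of an object-audit record, which is where the Accesses and Access Mask fields sit.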

Copyright 2010, SecurityFocus