James Pifer jep@obrien-pifer.com wrote:
> The analyzing software runs on windows.
Setting up cygwin with the SSH service is easy on NT.
> Its connection options for looking at logs are file, http, or ftp.
Then use file. Use another, automated process on your servers to send the file to the system -- or at least an intermediate system the analyzing system then pulls from via HTTP or FTP.
> What's worse, is I just found that it apparently does not support passive ftp. I'm trying to get vsftpd to do active, but either I'm not getting it configured right, or more likely, the firewall is messing it up.
Another reason to consider SSH.
Have your Internet systems SCP the files to an SSH server on your LAN, or in your DMZ. Run the SSH server on a different port than port 22, and _only_ allow public key authentication (or Kerberos if you wish to set that up instead of maintaining SSH key rings).
> I used to run windows ftp server for providing the logs when it ran on windows, and ftp'ing was no problem.
Then keep that system to FTP from, and just install Cygwin with the SSH service. I assume this is on your LAN (which probably means this is more of a firewall issue -- and not the FTP service on the systems outside the firewall).
BTW, if you're running ADS, you can use its Kerberos service for SSH authentication! You only need to open (or proxy/redirect) port 88 for the external systems. Although there might be some security considerations in that regard.
I.e., maybe your Windows FTP server is a new DC, with its own domain (separate from your LAN), and that's where you have the Kerberos authentication/trusts (possibly in your DMZ)?
> Anyway, that's where I'm at right now.
Golden Rule: Do _not_ let the limitations of an application dictate your end-to-end security. Shortcut the ends if needed, put the less secure/more problematic points on your LAN, but keep your Internet traffic secure, and easier to manage at the same time. ;->
-- Bryan
P.S. This would be so much easier to diagram on a whiteboard.
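A small config check for the log-collection SSH server described in this reply (non-22 port, public key authentication only, no passwords), added here as an example and not part of the thread. It assumes a standard OpenSSH sshd_config written as "Keyword value" lines; the Key=value form and Match blocks are out of scope, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: report which of the hardening settings recommended in the
# reply are missing from an sshd_config. Usage: check_sshd_config /path/to/sshd_config

# Print the effective value of a keyword. OpenSSH uses the FIRST value it
# reads for a keyword, so the first uncommented match wins; parsing stops at
# the first Match block because those values only apply conditionally.
sshd_opt() {
    # $1 = config file, $2 = keyword (matched case-insensitively)
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        $1 !~ /^#/ && tolower($1) == tolower(key) && val == "" { val = $2 }
        END { print val }
    ' "$1"
}

# Returns 0 when all three settings are hardened, 1 otherwise; prints findings.
check_sshd_config() {
    cfg="$1"; rc=0
    port=$(sshd_opt "$cfg" Port)
    pubkey=$(sshd_opt "$cfg" PubkeyAuthentication)
    passwd=$(sshd_opt "$cfg" PasswordAuthentication)

    # Port defaults to 22 when unset; the reply wants a different one.
    if [ "${port:-22}" = "22" ]; then
        echo "FINDING: sshd listens on port 22"; rc=1
    fi
    # PubkeyAuthentication defaults to yes; flag it if someone turned it off.
    if [ "${pubkey:-yes}" != "yes" ]; then
        echo "FINDING: PubkeyAuthentication is not enabled"; rc=1
    fi
    # PasswordAuthentication defaults to yes; must be no so only keys
    # (or Kerberos, if configured) are accepted from the Internet systems.
    if [ "${passwd:-yes}" != "no" ]; then
        echo "FINDING: PasswordAuthentication is not disabled"; rc=1
    fi
    return $rc
}

# Constructed sample configs (not from the thread) for a stand-alone run.
tmp=$(mktemp -d)
printf 'Port 22\n# PubkeyAuthentication yes\nPasswordAuthentication yes\n' > "$tmp/weak_sshd_config"
printf 'Port 2022\nPubkeyAuthentication yes\nPasswordAuthentication no\n' > "$tmp/hardened_sshd_config"
echo "weak config:";     check_sshd_config "$tmp/weak_sshd_config" || echo "  -> not hardened"
echo "hardened config:"; check_sshd_config "$tmp/hardened_sshd_config" && echo "  -> OK"
```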