[exim] Re: Exim logging--how reliable?

Author: Slavko
Date:  
To: Johnnie W Adams via Exim-users
Subject: [exim] Re: Exim logging--how reliable?
On 4 October 2024 18:39:20 UTC, Johnnie W Adams via Exim-users <exim-users@???> wrote:
>The SIEM doesn't get that deep into the connection--it just gives
>source, destination, and port.


Thus IMO you have to do it yourself, e.g. by logging traffic in the firewall or capturing
traffic to/from these ports. Capturing traffic can be easier and is no
problem in your case (low-traffic server); tcpdump can be your friend. Then
you can compare...

I have no experience with SIEMs, but anyway, I would try to ask them for more
details. They are responsible for what they report and should
provide evidence about incidents. No reason to hesitate ;-)

BTW, I asked for more details about similar reports from Shadowserver
some (long) time ago, and because of that request they found a bug in their code --
mistakes happen...

regards

--
Slavko
https://www.slavino.sk/

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
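The capture-and-compare approach suggested above, worked through as an added example that is not part of the original post and not Exim's or tcpdump's own code. It takes three sources, the SIEM's (source, destination, port) tuples, the client SYNs from a tcpdump capture on the mail server, and Exim's "SMTP connection from" main-log lines, and sorts each SIEM claim into what the other two sources saw. All sample lines are constructed; the interface name `eth0`, the server address `192.0.2.10` and the assumption that Exim logs with `log_selector = +incoming_interface` (so the local side appears as `I=[ip]:port`) are mine, and the fallback to `LOCAL_IP`/`DEFAULT_PORT` covers logs without that selector.

```python
"""Reconcile SIEM connection reports against a tcpdump capture and Exim's main log.

Added example; every sample line below is constructed. The Exim lines assume
`log_selector = +incoming_interface` (local side shown as I=[ip]:port); when that
field is absent the local side falls back to LOCAL_IP / DEFAULT_PORT.
"""
import re

# Capture on the mail server itself (interface name assumed):
#   tcpdump -nn -i eth0 -w smtp.pcap 'tcp port 25 or tcp port 465 or tcp port 587'
# then print only client SYNs, i.e. the first packet of each inbound connection:
#   tcpdump -nn -r smtp.pcap 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'
# which yields lines shaped like this constructed sample:
TCPDUMP_SAMPLE = """\
18:39:20.123456 IP 203.0.113.5.51234 > 192.0.2.10.25: Flags [S], seq 1000, win 64240, length 0
18:39:20.124000 IP 192.0.2.10.25 > 203.0.113.5.51234: Flags [S.], seq 2000, ack 1001, win 65160, length 0
18:40:02.500000 IP 198.51.100.7.40001 > 192.0.2.10.587: Flags [S], seq 3000, win 64240, length 0
18:40:02.600000 IP 203.0.113.5.51234 > 192.0.2.10.25: Flags [P.], seq 1001:1030, ack 2001, length 29
"""

# Constructed Exim main-log lines for the same window.
EXIM_LOG_SAMPLE = """\
2024-10-04 18:39:20 SMTP connection from [203.0.113.5]:51234 I=[192.0.2.10]:25 (TCP/IP connection count = 1)
2024-10-04 18:39:31 SMTP connection from [203.0.113.5]:51234 I=[192.0.2.10]:25 closed by QUIT
"""

# What the SIEM hands over: only source, destination and port (constructed).
SIEM_SAMPLE = """\
src,dst,port
203.0.113.5,192.0.2.10,25
198.51.100.7,192.0.2.10,587
203.0.113.99,192.0.2.10,25
"""

LOCAL_IP = "192.0.2.10"     # assumed address of the mail server
DEFAULT_PORT = 25           # used when an Exim line carries no I= field

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# "Flags [S]" exactly: a SYN-ACK prints as "[S.]" and must not count as a new connection.
TCPDUMP_RE = re.compile(rf"IP {IPV4}\.(\d+) > {IPV4}\.(\d+): Flags \[S\]")
EXIM_RE = re.compile(rf"SMTP connection from \[{IPV4}\](?::\d+)?(?: I=\[{IPV4}\]:(\d+))?")


def parse_tcpdump(lines):
    """Return {(src, dst, port)} for every inbound client SYN in tcpdump -nn output."""
    conns = set()
    for line in lines:
        m = TCPDUMP_RE.search(line)
        if m:
            src, _sport, dst, dport = m.groups()
            conns.add((src, dst, int(dport)))
    return conns


def parse_exim_log(lines, local_ip=LOCAL_IP, default_port=DEFAULT_PORT):
    """Return {(src, dst, port)} for every 'SMTP connection from' line in the main log."""
    conns = set()
    for line in lines:
        m = EXIM_RE.search(line)
        if m:
            src, local, port = m.groups()
            conns.add((src, local or local_ip, int(port) if port else default_port))
    return conns


def parse_siem(lines):
    """Parse the SIEM's src,dst,port CSV; the header and malformed rows are skipped."""
    conns = set()
    for line in lines:
        parts = line.strip().split(",")
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        conns.add((parts[0], parts[1], int(parts[2])))
    return conns


def reconcile(siem, capture, exim):
    """Classify each SIEM-reported connection by what the capture and Exim saw."""
    return {
        # on the wire and in Exim's log: the SIEM report checks out
        "confirmed": sorted(siem & capture & exim),
        # SYN reached the interface but Exim never logged it: firewall drop,
        # nothing listening on that port, or a genuine logging gap to chase
        "on_wire_not_in_exim": sorted((siem & capture) - exim),
        # not in the capture at all: ask the SIEM vendor for their evidence
        "not_on_wire": sorted(siem - capture),
    }


if __name__ == "__main__":
    result = reconcile(parse_siem(SIEM_SAMPLE.splitlines()),
                       parse_tcpdump(TCPDUMP_SAMPLE.splitlines()),
                       parse_exim_log(EXIM_LOG_SAMPLE.splitlines()))
    for bucket, conns in result.items():
        print(bucket)
        for src, dst, port in conns:
            print(f"  {src} -> {dst}:{port}")
```

Only client SYNs are keyed on, so a connection that never completed the handshake still shows up as "on the wire", which is exactly the case where a SIEM tuple exists but Exim has nothing to log; matching on source address and destination port (not source port) is deliberate, because the SIEM report carries no source port.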