Security Basics mailing list archives
Re: syslog
From: Ramon Kagan <rkagan () yorku ca>
Date: Mon, 27 Sep 2004 12:58:28 -0400 (EDT)
HI, I've been using logsurfer for the past 4 years and it is an excellent tool. I must be honest though that I'm looking at logsurfer+ right now since it adds some much appreciated features. Nonetheless they are the same product, just a resurrection. I haven't found a better log parsing tool yet. BTW, we scan about 0.4-0.7GB daily in real time. Ramon Kagan York University, Computing and Network Services Information Security - Senior Information Security Analyst (416)736-2100 #20263 rkagan () yorku ca ----------------------------------- ------------------------------------ I have not failed. I have just I don't know the secret to success, found 10,000 ways that don't work. but the secret to failure is trying to please everybody. - Thomas Edison - Bill Cosby ----------------------------------- ------------------------------------ On Fri, 24 Sep 2004, Thomas Harris wrote:
Has anyone used logsurfer for this purpose? http://www.crypt.gen.nz/logsurfer/ Anich, Ryan L wrote:I am not sure how in depth you are planning to go with your strategy, but this is what I am looking at for a solution for my company. http://www.arcsight.com/ -----Original Message----- From: Tran, Nhon [mailto:Nhon.Tran () logicacmg com] Sent: Monday, September 20, 2004 2:36 AM To: security-basics () securityfocus com Subject: syslog Hi all One of the companies I support wants to implement a syslog strategy for all their infrasturcture devices.. Unix boxes, windows server, cisco comms devices. To hopefully capture all the logs, we're talking about lots of logs, their domain servers log about 300K items a day!.. Unix boxes log heaps too about 70K per day per server!.. They have around 80 unix server, 120 windows servers and about 150 comms devices.. Any idea what the best way to go about this would be, also any suggestions of what log analysis software to use? Nhon This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ----------------------------------------------------------------------------
Current thread:
- syslog Tran, Nhon (Sep 23)
- <Possible follow-ups>
- RE: syslog Anich, Ryan L (Sep 24)
- Re: syslog Thomas Harris (Sep 27)
- Re: syslog Ramon Kagan (Sep 30)
- Re: syslog Thomas Harris (Sep 27)
- RE: syslog Michael Shirk (Sep 25)
- RE: syslog R. Maheswaran (Sep 27)
- RE: syslog Clarke, Tyronne (Contractor) (Sep 28)