RE: log monitoring/analysis/correlation systems

["Erin Carroll" <amoeba () amoebazone com>]

You may also want to check into LogLogic. Depending on your price point,
this may be one of the better vendors to choose from. However, if you're
also needing event correlation abilities at anything more complex than and
IF THAN ELSE type of level, bear in mind that the correlation and analysis
market is still young and there isn't much out there that would works on
much more than a small infrastructure basis without major database and/or
performance issues.



> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com] On Behalf Of sami seclist
> Sent: Monday, November 20, 2006 11:21 AM
> To: security-basics () securityfocus com
> Subject: log monitoring/analysis/correlation systems
>
> Hi list,
> a client of our is looking for a log monitoring solution for it's
> network security infrastructure.
> Logs are to be collected from routers, firewalls, IDS and antivirus.
> The only product I found to be applicable in this situation is cisco's
> Security Monitoring Analysis and Response Systems (In fact it does much
> than what is needed !).
> Other products I found
> exaprotect (seems to be the best option) hp openview and IBM tivoli
> manager (I think they are too heavy for this company and also very
> expensive)
>
> does anybody know of other log monitoring systems, and what do you
> think of the above ?
> Syslog is not an option as log files have heterogeneous formats and is
> somewhat tricky to obtain a practical usage
>
> regards
> sami.
>
> -----------------------------------------------------------------------
> ----
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has
> designated Norwich University a center of Academic Excellence in
> Information Security. Our program offers unparalleled Infosec
> management education and the case study affords you unmatched
> consulting experience.
> Using interactive e-Learning technology, you can earn this esteemed
> degree, without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> -----------------------------------------------------------------------
> ----


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------