Security Basics mailing list archives

RE: log monitoring/analysis/correlation systems


From: "Smith, Maurice" <MSmith () levi com>
Date: Tue, 21 Nov 2006 14:53:08 -0600

Try http://www.loglogic.com/

Best Regards,
 
 
Maurice A. Smith
CISSP, NSA IAM
Sr. IT Security Manager
Global Information Security 
Levi Strauss & Co
Desk 817-262-6501
Mobile 214-577-8808

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Emilio Casbas
Sent: Tuesday, November 21, 2006 3:50 AM
To: sami seclist
Cc: security-basics () securityfocus com
Subject: Re: log monitoring/analysis/correlation systems



sami seclist wrote:
Hi list,
a client of ours is looking for a log monitoring solution for its
network security infrastructure.
Logs are to be collected from routers, firewalls, IDS and antivirus.
The only product I found to be applicable in this situation is Cisco's
Security Monitoring Analysis and Response Systems (in fact it does
much more than what is needed!).
Other products I found:
Exaprotect (seems to be the best option)
HP OpenView and IBM Tivoli manager (I think they are too heavy for
this company and also very expensive)

Does anybody know of other log monitoring systems, and what do you
think of the above?
Syslog is not an option as log files have heterogeneous formats and it is
somewhat tricky to obtain a practical usage

regards
sami.

You could use Nagios (http://www.nagios.org/) with the appropriate
check_log script,
and/or monitoring statistics with MRTG (http://oss.oetiker.ch/mrtg/)

Regards.
Emilio C.

-- 
Emilio Casbas
University of Navarra



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

