Security Basics mailing list archives
Re: log monitoring/analysis/correlation systems
From: "sami seclist" <sg.seclists () gmail com>
Date: Wed, 22 Nov 2006 21:39:38 +0100
2006/11/21, Florencio Cano <florencio.cano () gmail com>:
> Hello, I'm interested in knowing more about your needs. If I understood you correctly you need a piece of software

or hardware

> that will receive (or collect) the logs from those devices,

At the present moment the devices are 2 routers, one firewall, an IDS and an antivirus solution, but it will certainly evolve.

> it will parse these logs to a common format and it will try to correlate this information in order to extract conclusions and edit a report.

The system is aimed at supporting both the operational and management levels. Operators need device activity reports, incident detection (overloaded devices, broken telecommunication lines, etc.) and analysis features (this last point could be achieved by correlating logs from different sources to find the root cause of the problem). Managers need periodic reports about their system "health", and supporting data to make appropriate strategic decisions.

> Am I correct?
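The three stages the reply describes (collect syslog from routers, a firewall, an IDS and an antivirus product; parse into a common record; correlate across sources to flag broken lines, overloaded devices and attacks; summarise per device for a report) can be sketched in a few dozen lines. The following is an added example written for this archive page, not code from anyone in the thread. The log lines are constructed, and their formats (a "link:" program on the routers, a "cpu:" program, iptables-style DENY lines from the firewall, one-line IDS and AV messages) are assumptions chosen to stand in for whatever the real devices emit; the year 2006 is assumed because BSD syslog headers carry none.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logs (not from the original thread). The message formats
# are assumptions standing in for each device class's real syslog output.
SAMPLE_LOGS = """\
Nov 22 21:00:01 rtr1 link: Interface Serial0/0 changed state to down
Nov 22 21:00:03 rtr2 cpu: utilization 97%
Nov 22 21:00:10 fw1 kernel: DENY SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=22
Nov 22 21:00:11 fw1 kernel: DENY SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=23
Nov 22 21:00:12 fw1 kernel: DENY SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=445
Nov 22 21:00:14 ids1 ids: alert portscan src=10.0.0.5
Nov 22 21:00:20 av1 av: threat=Test.File host=ws07 action=quarantined
Nov 22 21:00:40 rtr1 link: Interface Serial0/1 changed state to down
Nov 22 21:00:45 rtr1 link: Interface Serial0/1 changed state to up
"""

# BSD syslog header: "Mon DD HH:MM:SS host program: message"
SYSLOG_RE = re.compile(r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) (\S+) (\w+): (.*)$")


def parse_line(line, year=2006):
    """Normalise one raw syslog line into a common event record (dict).

    Every source ends up with the same keys: ts, host, source, kind, fields.
    The year is an assumption; syslog headers do not carry one.
    """
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    host, program, msg = m.group(2), m.group(3), m.group(4)
    ev = {"ts": ts, "host": host, "source": program, "kind": "other", "fields": {}}
    if program == "link":  # router interface state (assumed format)
        lm = re.search(r"Interface (\S+) changed state to (up|down)", msg)
        if lm:
            ev.update(kind="link_" + lm.group(2), fields={"iface": lm.group(1)})
    elif program == "cpu":  # router load (assumed format)
        cm = re.search(r"utilization (\d+)%", msg)
        if cm:
            ev.update(kind="cpu", fields={"pct": int(cm.group(1))})
    elif program == "kernel" and msg.startswith("DENY"):  # firewall drop, key=value
        ev.update(kind="fw_deny", fields=dict(p.split("=", 1) for p in msg.split()[1:]))
    elif program == "ids":  # IDS alert (assumed format)
        im = re.search(r"alert (\S+) src=(\S+)", msg)
        if im:
            ev.update(kind="ids_alert", fields={"sig": im.group(1), "src": im.group(2)})
    elif program == "av":  # antivirus detection, key=value
        ev.update(kind="av_detect", fields=dict(p.split("=", 1) for p in msg.split()))
    return ev


def correlate(events, window_s=30, deny_threshold=3, cpu_threshold=90):
    """Apply three cross-source rules and return a list of incident tuples."""
    events = sorted(events, key=lambda e: e["ts"])
    incidents = []
    # Rule 1: broken line = link down with no matching link up within the window.
    for e in events:
        if e["kind"] == "link_down":
            recovered = any(
                o["kind"] == "link_up" and o["host"] == e["host"]
                and o["fields"]["iface"] == e["fields"]["iface"]
                and 0 <= (o["ts"] - e["ts"]).total_seconds() <= window_s
                for o in events)
            if not recovered:
                incidents.append(("line_down", e["host"], e["fields"]["iface"]))
    # Rule 2: overloaded device = CPU above threshold.
    for e in events:
        if e["kind"] == "cpu" and e["fields"]["pct"] > cpu_threshold:
            incidents.append(("overloaded", e["host"], e["fields"]["pct"]))
    # Rule 3: firewall denies from one source, confirmed by an IDS alert for the
    # same source inside the window (two independent devices agreeing).
    denies = defaultdict(list)
    for e in events:
        if e["kind"] == "fw_deny":
            denies[e["fields"]["SRC"]].append(e["ts"])
    for e in events:
        if e["kind"] == "ids_alert":
            src = e["fields"]["src"]
            recent = [t for t in denies.get(src, [])
                      if 0 <= (e["ts"] - t).total_seconds() <= window_s]
            if len(recent) >= deny_threshold:
                incidents.append(("scan_confirmed", src, len(recent)))
    return incidents


def report(events):
    """Per-host activity counts by event kind, the raw material of a status report."""
    summary = defaultdict(lambda: defaultdict(int))
    for e in events:
        summary[e["host"]][e["kind"]] += 1
    return {h: dict(kinds) for h, kinds in summary.items()}


def analyse(text):
    events = [ev for ev in (parse_line(l) for l in text.splitlines() if l.strip()) if ev]
    return events, correlate(events), report(events)


if __name__ == "__main__":
    _, incidents, summary = analyse(SAMPLE_LOGS)
    print("incidents:", incidents)
    print("per-host summary:", summary)
```

Rule 1 is the "broken telecommunication line" case: the same link-down message is an incident or not depending on whether a later event from the same router cancels it, which is the point of buffering a window rather than alerting on each line. Rule 3 is the root-cause style correlation the reply asks for: neither the firewall denies nor the IDS alert alone is conclusive, together they are. In production the regexes would be replaced by per-vendor parsers and the window by a time-indexed store, but the common record and the rule shape stay the same.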
Current thread:
- log monitoring/analysis/correlation systems sami seclist (Nov 20)
- Re: log monitoring/analysis/correlation systems Emilio Casbas (Nov 21)
- RE: log monitoring/analysis/correlation systems Smith, Maurice (Nov 22)
- Re: log monitoring/analysis/correlation systems Seyhan Tekelioglu (Nov 21)
- Re: log monitoring/analysis/correlation systems Florencio Cano (Nov 21)
- Re: log monitoring/analysis/correlation systems sami seclist (Nov 23)
- RE: log monitoring/analysis/correlation systems Erin Carroll (Nov 21)
- RE: log monitoring/analysis/correlation systems Matt Davis (Nov 21)
- Audit Windows Machine, IRM (Nov 21)
- Re: Audit Windows Machine, Ansgar -59cobalt- Wiechers (Nov 22)
- Re: log monitoring/analysis/correlation systems Jon Hart (Nov 22)
- Re: log monitoring/analysis/correlation systems Kurt Buff (Nov 22)
- Re: log monitoring/analysis/correlation systems q (Nov 21)
- Re: log monitoring/analysis/correlation systems a . lagana (Nov 21)
- Re: log monitoring/analysis/correlation systems vachanta (Nov 22)
- Re: log monitoring/analysis/correlation systems vameg (Nov 22)