Re: Event Log Monitor Program

["Kurt Buff" <kurt.buff () gmail com>]

On each server, I'd place either the Snare client
(http://www.intersectalliance.com - it's open source) or evtsys
(google for it, I don't have the URL handy) - these format the events
and send them out via syslog. To collect the logs, it depends on what
you want to do, but the Kiwi syslog server is free or damn cheap (the
free version won't log to ODBC or do a couple of other useful things,
the pay version will, and last I looked, the pay version was around
US$100.00) and really good, or set up a *nix box (I like FreeBSD) .

As a possible alternative, OSSEC might be worth your while.
http://www.ossec.org - it's a HIDS package that seems very
interesting, though I haven't had time to play with it yet.

Kurt

On 9/20/07, Adam Savage <Adam_Savage () skillsoft com> wrote:
>  I'm looking for a good event log program that can consolidate all my event logs from my servers into one location. 
> Then I can report on them and such. We purchased GFI Security Event Log Monitor but we find the program cumbersome at 
> best and doesn't give you any insight on some of the event messages that are produced. I'd like to know if there is a 
> freeware/opensource solution. I know GFI has recently come out with the Successor to SELM called EventsManager but 
> we'd like to look into some other products that are out there first.
>
> Any replies would be greatly appreciated.
>
> Thank you,
>
> Adam