Security Basics mailing list archives
Re: Event Log Monitor Program
From: scott <redhowlingwolves () bellsouth net>
Date: Fri, 21 Sep 2007 02:24:25 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ossec is actually a very good HIDS logging-event notifier. You can change any log notifications using simple XML rulesets.It is really easy to configure ( server=agent ). All logs you want can written easily (no API's).Just simple XML.They can be sent to any address you specify. Sometimes there is a problem with simple SMTP because the OSSEC drivers use their own mailer.This can be a problem if not configured correctly. Surely, you can configure your own POP and SMTP. Excellent for our needs. Cheers, Redwolves rule Kurt Buff wrote:
On each server, I'd place either the Snare client (http://www.intersectalliance.com - it's open source) or evtsys (google for it, I don't have the URL handy) - these format the events and send them out via syslog. To collect the logs, it depends on what you want to do, but the Kiwi syslog server is free or damn cheap (the free version won't log to ODBC or do a couple of other useful things, the pay version will, and last I looked, the pay version was around US$100.00) and really good, or set up a *nix box (I like FreeBSD) . As a possible alternative, OSSEC might be worth your while. http://www.ossec.org - it's a HIDS package that seems very interesting, though I haven't had time to play with it yet. Kurt On 9/20/07, Adam Savage <Adam_Savage () skillsoft com> wrote:I'm looking for a good event log program that can consolidate all my event logs from my servers into one location. Then I can report on them and such. We purchased GFI Security Event Log Monitor but we find the program cumbersome at best and doesn't give you any insight on some of the event messages that are produced. I'd like to know if there is a freeware/opensource solution. I know GFI has recently come out with the Successor to SELM called EventsManager but we'd like to look into some other products that are out there first. Any replies would be greatly appreciated. Thank you, Adam
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG82OYsrt057ENXO4RAnzbAJ9R3sw43twTgARVTSfb8bEJwFYfYACgiOMD dou1UBoK6Sloe+VESURbtpE= =mqh1 -----END PGP SIGNATURE-----
Current thread:
- Event Log Monitor Program Adam Savage (Sep 20)
- Re: Event Log Monitor Program c0unter14 (Sep 20)
- RE: Event Log Monitor Program Petter Bruland (Sep 20)
- Re: Event Log Monitor Program Kurt Buff (Sep 20)
- Re: Event Log Monitor Program scott (Sep 21)
- RE: Event Log Monitor Program Roger Onken (Sep 21)
- Message not available
- Fwd: Event Log Monitor Program kevin fielder (Sep 21)
- File Permission Audit Tool - Windows Al Cooper (Sep 25)
- Re: File Permission Audit Tool - Windows Kurt Buff (Sep 26)
- RE: File Permission Audit Tool - Windows Roger A. Grimes (Sep 26)
- Re: File Permission Audit Tool - Windows Nikhil Wagholikar (Sep 26)
- RE: File Permission Audit Tool - Windows McMahon, Thomas J. (Sep 26)
- RE: File Permission Audit Tool - Windows Steve Johnston (Sep 26)
- Re: File Permission Audit Tool - Windows p1g (Sep 27)
- Message not available