Security Basics mailing list archives

Re: Event Log Monitor Program

From: scott <redhowlingwolves () bellsouth net>
Date: Fri, 21 Sep 2007 02:24:25 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ossec is actually a very good HIDS logging-event notifier.

You can change any log notifications using simple XML rulesets.It is
really easy to configure ( server=agent ).
All logs you want can written easily (no API's).Just simple XML.They
can be sent to any address you specify.

Sometimes there is a problem with simple SMTP because the OSSEC
drivers use their own mailer.This can be a problem if not configured
correctly.

Surely, you can configure your own POP and SMTP.

Excellent for our needs.

Cheers,  Redwolves rule


Kurt Buff wrote:

On each server, I'd place either the Snare client
(http://www.intersectalliance.com - it's open source) or evtsys
(google for it, I don't have the URL handy) - these format the
events and send them out via syslog. To collect the logs, it
depends on what you want to do, but the Kiwi syslog server is free
or damn cheap (the free version won't log to ODBC or do a couple of
other useful things, the pay version will, and last I looked, the
pay version was around US$100.00) and really good, or set up a *nix
box (I like FreeBSD) .

As a possible alternative, OSSEC might be worth your while.
http://www.ossec.org - it's a HIDS package that seems very
interesting, though I haven't had time to play with it yet.

Kurt

On 9/20/07, Adam Savage <Adam_Savage () skillsoft com> wrote:

I'm looking for a good event log program that can consolidate all
my event logs from my servers into one location. Then I can
report on them and such. We purchased GFI Security Event Log
Monitor but we find the program cumbersome at best and doesn't
give you any insight on some of the event messages that are
produced. I'd like to know if there is a freeware/opensource
solution. I know GFI has recently come out with the Successor to
SELM called EventsManager but we'd like to look into some other
products that are out there first.

Any replies would be greatly appreciated.

Thank you,

Adam


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG82OYsrt057ENXO4RAnzbAJ9R3sw43twTgARVTSfb8bEJwFYfYACgiOMD
dou1UBoK6Sloe+VESURbtpE=
=mqh1
-----END PGP SIGNATURE-----

Current thread:

Event Log Monitor Program Adam Savage (Sep 20)
- Re: Event Log Monitor Program c0unter14 (Sep 20)
- RE: Event Log Monitor Program Petter Bruland (Sep 20)
- Re: Event Log Monitor Program Kurt Buff (Sep 20)
  - Re: Event Log Monitor Program scott (Sep 21)
- RE: Event Log Monitor Program Roger Onken (Sep 21)
  - Message not available
    - Fwd: Event Log Monitor Program kevin fielder (Sep 21)
    - File Permission Audit Tool - Windows Al Cooper (Sep 25)
    - Re: File Permission Audit Tool - Windows Kurt Buff (Sep 26)
    - RE: File Permission Audit Tool - Windows Roger A. Grimes (Sep 26)
    - Re: File Permission Audit Tool - Windows Nikhil Wagholikar (Sep 26)
    - RE: File Permission Audit Tool - Windows McMahon, Thomas J. (Sep 26)
    - RE: File Permission Audit Tool - Windows Steve Johnston (Sep 26)
    - Re: File Permission Audit Tool - Windows p1g (Sep 27)
- RE: Event Log Monitor Program Deepak J. Mathew (Sep 26)

(Thread continues...)