Security Basics mailing list archives

RE: FW/IPS log correlation software


From: Wong Yu Liang <wong.yuliang () vads com>
Date: Fri, 4 Apr 2008 09:37:39 +0800

Try http://www.ossim.net/


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Raimar Melchior
Sent: Thursday, April 03, 2008 9:39 PM
To: security-basics () securityfocus com
Subject: FW/IPS log correlation software

Hello list,

We want a central log station where logs from firewalls, IPS and other
security devices are sent to. All of our components support the syslog
protocol.
The challenge is to filter and correlate this huge amount of logs. We
also want to create filtering and reports (graphical). The server should
have a graphical frontend (GUI).
We tried the Kiwi syslog server but it doesn't meet our requirements.
Any good enterprise software out there?
Any suggestions would be much appreciated.

Many Thanks,
Raimar

Security Consultant

CROCODIAL IT Security GmbH

Cologne office
Von-der-Wettern-Str. 25
51149 Köln

office: +492203-69923-16
mobile: +49170-2265680
eMail: rm () crocodial de
http://www.crocodial.de/








