Security Basics mailing list archives

RE: Logging


From: "Bugtraq" <bugtraq () datacash co za>
Date: Mon, 21 Jan 2008 09:50:53 +0200

I'm busy doing a POC of RSA's enVision. So far, so good. You can set up
a dashboard with alerts, graphs and tables to keep an eye on your
systems and users in real-time. It's pretty expensive, but integrates
nicely into Active Directory. Initially you have to do quite a lot of
work to extract the relevant information from your logs. It collects
Windows event logs (without a 3rd party remote agent), it takes syslogs
and SNMP traps from many different devices (and automatically IDs the
remote system type and its function). The out-of-the-box list of
supported devices is extensive and is growing quarterly. You can also
create your own templates relatively easily. It has hundreds of built-in
reports, but most need tweaking to provide you with the relevant
information. Overall, a really nice product; I haven't found anything to
compete with it yet. I'd be interested to find out if anyone has done
comparisons between this and another product in the same space.

-Grant

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of infolookup () gmail com
Sent: 19 January 2008 05:58 PM
To: Krzyston, Randy; listbounce () securityfocus com;
security-basics () securityfocus com
Subject: Re: Logging

I am interested in seeing some feedback on this topic, because I am
looking into doing this too.


-----Original Message-----
From: "Krzyston, Randy" <RandyK () gen-probe com>

Date: Fri, 18 Jan 2008 10:19:21 
To:<security-basics () securityfocus com>
Cc:<listbounce () securityfocus com>
Subject: Logging


We are looking to implement a syslog server.  It needs to not only be
capable of storing logs, but also detailed reporting for things such as
SOX.  I've looked at LogLogic's products.  I also heard about Kiwi, but
have no experience with it.

Any comments?


Randy


