Security Basics mailing list archives

Re: Logging

From: infolookup () gmail com
Date: Mon, 21 Jan 2008 14:07:05 +0000

Thank you I actually have syslog-ng installed and I am working on install Splunk, thanks for the feed back everyone.
Sent via BlackBerry from T-Mobile

-----Original Message-----
From: securek9 <securek9 () gmail com>

Date: Mon, 21 Jan 2008 08:43:08 
To:infolookup () gmail com
Cc:"Krzyston, Randy" <RandyK () gen-probe com>, listbounce () securityfocus com, security-basics () securityfocus com
Subject: Re: Logging

Are you wanting to purchase or use free products? If you have the money, 
as it is expensive but worth it for large environments, the Activeworx 
product from Crosstech is an excellent product. You can capture logs for 
all types of devices right into a database or databases and it also has 
nice reporting for Sox related issues amongst others. They also offer a 
nice correlation engine you can purchase with it to correlate attacks. I 
think you can trial it for 15 days or so. The only drawbacks is that it 
only runs on Windows Server and it is a challenge to set up, but once up 
it is really nice.

If you want free, splunk is just ok for viewing logs (not very nice to 
look at), or look into adventnet products. They offer free for small 
offices. I dont think prices are bad for larger environments either. You 
can also always go with syslog-ng to capture and sort log information 
centrally then view with free splunk or some other log viewer.

Hope that helps a little!

infolookup () gmail com wrote:

I am interested in seeing some feed back on this topic, cause I am looking into doing this too. 

Sent via BlackBerry from T-Mobile

-----Original Message-----
From: "Krzyston, Randy" <RandyK () gen-probe com>

Date: Fri, 18 Jan 2008 10:19:21 
To:<security-basics () securityfocus com>
Cc:<listbounce () securityfocus com>
Subject: Logging

We are looking to implement a syslog server.  It needs to not only be
capable of storing logs ,but also detailed reporting for things such as
SOX.  I've looked at LogLogic's products.  I also heard about Kiwi, but
have not experience with it.

Any comments?

Randy

Current thread:

RE: Honeypot Server, (continued)
- - Message not available
    - RE: Honeypot Server m.farid.shawara (Jan 18)
    - RE: Honeypot Server Timmothy Lester (Jan 18)
    - Logging Krzyston, Randy (Jan 18)
    - RE: Logging Robert D. Holtz - Lists (Jan 18)
    - RE: Logging Scott Williamson (Jan 18)
    - RE: Logging Lee Hilt (Jan 18)
    - RE: Logging Petter Bruland (Jan 19)
    - Re: Logging infolookup (Jan 19)
    - RE: Logging Bugtraq (Jan 21)
    - Re: Logging securek9 (Jan 21)
    - Re: Logging infolookup (Jan 21)
    - Re: Honeypot Server Gleb Paharenko (Jan 18)
    - Re: Honeypot Server p1g (Jan 21)
    - Re: Honeypot Server Emilio Casbas (Jan 21)
    - Re: Honeypot Server Brent Huston (Jan 25)
- Re: Honeypot Server p1g (Jan 18)
- Re: Honeypot Server krymson (Jan 17)
  - RE: Honeypot Server Timmothy Lester (Jan 17)
- RE: Honeypot Server Albert Gonzalez (Jan 18)