Security Basics mailing list archives
Re: log analyser
From: giuseppe.fuggiano () gmail com
Date: Mon, 1 Jun 2009 18:58:00 +0200 (CEST)
2009/5/29 <sec () nd-f com>:
Hi, can someone of you recommend a good enterprise log analyser solution? I have to collect, correlate and analyse about 1200 Windows machines and 200 Linux boxes. I want to do this in real-time, trigger actions (like email notification), make sense out of e.g. ten failed login attempts following the one successful etc.
I am currently deploying this nice appliance:
http://www.balabit.com/network-security/syslog-ng/log-server-appliance/
which also encrypts and signs logs, very good support, but you may want to configure software by yourself. So,
http://www.splunk.com/
http://eiqnetworks.com/products/SecureVue/Data_Collection.shtml
http://www.gfi.com/eventsmanager (very good but no encryption)
Cheers,
--
Giuseppe