Educause Security Discussion mailing list archives
Re: Network flow log consolidation
From: Wes Young <wcyoung () BUFFALO EDU>
Date: Tue, 25 Apr 2006 15:43:05 -0400
On Tue, 2006-04-25 at 12:18 -0700, Logan Browne wrote:
> Tangential to the discussion of syslog parsing, are any others on the list evaluating or implementing products to consolidate network flow logs? This would be a precursor to trend analysis and perhaps some security event correlation processes. I have looked at some products in a past position and am wondering which products or systems you find valuable.
Commercially, ArcSight and Cisco have decent products... Requirements for hardware and software are higher... but might be worth checking out... ArcSight is a software-based solution and Cisco has the CS-MARS appliance. Cisco does well in basic log correlation and trends... ArcSight is much more advanced in correlation and incident analysis (getting down to the nitty gritty)... Both deal with NetFlow...

--
Wes Young
Network Security Analyst
University at Buffalo
-----------------------------------------------
| My Security Blog: | http://tinyurl.com/9av4k |
| My RSS:           | http://tinyurl.com/ceopv |
| My Life:          | http://tinyurl.com/l18g  |
| CPAN:             | http://tinyurl.com/mujm5 |
-----------------------------------------------