Educause Security Discussion mailing list archives
Re: Network flow log consolidation
From: "Ensz, Sean A." <ensz () OU EDU>
Date: Thu, 27 Apr 2006 09:11:28 -0500
You might consider looking at QRadar by Q1Labs (www.q1labs.com). We have been using it for almost a year now and we have been happy with the product. It does a good job of analyzing Netflow, sFlow, JFlow, et al... You can also place a collector on a SPAN port or tap to get full layer-7 analysis. They recently added SEM capability in their latest release that supports a whole smorgasbord of security logs that correlates with the flow data.

---
Sean Ensz CISSP, GSEC, EnCE
IT Security Analyst
University of Oklahoma

-----Original Message-----
From: Logan Browne [mailto:lcb () UCSD EDU]
Sent: Tuesday, April 25, 2006 2:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Network flow log consolidation

Tangential to the discussion of syslog parsing, are any others on the list evaluating or implementing products to consolidate network flow logs? This would be a precursor to trend analysis and perhaps some security event correlation processes. I have looked at some products in a past position and am wondering which products or systems you find valuable.

--
Logan Browne, CISSP, CISM
Network Security Manager
University of California, San Diego
<lcb () ucsd edu>
(858)822-5343