Educause Security Discussion mailing list archives

Re: Open Source centralized log management/SIEM solutions


From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Mon, 26 Apr 2010 11:35:28 -0400

Adam Garside wrote:
On Apr 26, 2010, at 11:02 AM, Youngquist, Jason R. wrote:

Is anyone using any Open Source or low cost centralized log
management/SIEM solution in a production environment which you
would recommend?

Jason, we use OSSEC-HIDS. It is primarily a HIDS solution but can
take logs via syslog if you don't wish to place agents on your
systems. It is very configurable, easy to set up, has a standard
correlation configuration, and doesn't require a lot in terms of
hardware.

The website is at: www.ossec.net

Warm regards, Adam

There was an excellent presentation on OSSEC at the Security
Professionals Conference this year - it prompted me to install the
server and start playing around with it, and I doubt I'm the only one.

http://net.educause.edu/SEC10/Program/1023654?PRODUCT_CODE=SEC10/SESS01


--
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg

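An added example, not from this thread or from the OSSEC project, of the syslog-only setup Adam describes for hosts where you do not want an agent. The first fragment goes in /var/ossec/etc/ossec.conf on the OSSEC server and accepts syslog on UDP/514 from the listed network; the second goes in /var/ossec/etc/rules/local_rules.xml and shows the correlation mechanism (frequency, timeframe, same source IP) layered on the stock sshd authentication-failure rule. The 192.0.2.0/24 range and rule id 100001 are placeholders; 5716 is assumed to be the stock "SSHD authentication failed" rule id in OSSEC 2.x, so check it against the rule set you actually installed.

```xml
<!-- /var/ossec/etc/ossec.conf (server side): accept syslog from hosts
     that have no agent. 192.0.2.0/24 is a placeholder for your own
     management network; list only the senders you expect. -->
<ossec_config>
  <remote>
    <connection>syslog</connection>
    <port>514</port>
    <protocol>udp</protocol>
    <allowed-ips>192.0.2.0/24</allowed-ips>
  </remote>
</ossec_config>

<!-- /var/ossec/etc/rules/local_rules.xml: a composite (correlation) rule.
     100001 is a placeholder in the 100000-119999 range OSSEC reserves for
     local rules; 5716 is assumed to be the stock sshd auth-failure rule.
     frequency/timeframe: fire after 10 matches within 120 seconds from
     the same source IP; ignore: suppress repeats for 300 seconds. -->
<group name="local,syslog,sshd,">
  <rule id="100001" level="12" frequency="10" timeframe="120" ignore="300">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip />
    <description>Ten or more sshd authentication failures from one source in two minutes.</description>
    <options>alert_by_email</options>
  </rule>
</group>
```

After editing, restart with /var/ossec/bin/ossec-control restart and feed a sample sshd "Failed password" line to /var/ossec/bin/ossec-logtest to confirm which rule ids fire before relying on it. Two caveats worth knowing before choosing syslog over agents: UDP syslog is unauthenticated and trivially spoofable, so the allowed-ips list is the only filter on who can inject events, and syslog-only hosts get log analysis but none of the file-integrity (syscheck) or rootkit checks, which need the agent.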