Educause Security Discussion mailing list archives
Re: Open Source centralized log management/SIEM solutions
From: Paul Keser <pkeser () STANFORD EDU>
Date: Mon, 26 Apr 2010 11:24:10 -0700
There was also a good write-up in Linux Journal a few months ago. I spoke to AlienVault at RSA and it sounds very promising. I am planning to play with it this summer.

-PaulK

Paul Keser
Assoc. Information Security Officer
Stanford University
650.724.9051
GPG Fingerprint: DBA3 E20F CE91 28AA DA1C 4A77 3BD9 C82D 2699 24FB

On 10-04-26 08:35 AM, Matthew Gracie wrote:
> Adam Garside wrote:
>> On Apr 26, 2010, at 11:02 AM, Youngquist, Jason R. wrote:
>>> Is anyone using any Open Source or low cost centralized log management/SIEM solution in a production environment which you would recommend?
>>
>> Jason, we use OSSEC-HIDS. It is primarily a HIDS solution but can take logs via syslog if you don't wish to place agents on your systems. It is very configurable, easy to set up, has a standard correlation configuration, and doesn't require a lot in terms of hardware. The website is at: www.ossec.net
>>
>> Warm regards,
>> Adam
>
> There was an excellent presentation on OSSEC at the Security Professional's Conference this year - it prompted me to install the server and start playing around with it, and I doubt I'm the only one.
>
> http://net.educause.edu/SEC10/Program/1023654?PRODUCT_CODE=SEC10/SESS01