Re: Open Source centralized log management/SIEM solutions

[Paul Keser <pkeser () STANFORD EDU>]

There was also a good write up in Linux Journal a few months ago.  I
spoke to AlienVault at RSA and it sounds very promising.  I am planning
to play with it this summer.

-PaulK

Paul Keser
Assoc. Information Security Officer
Stanford University
650.724.9051
GPG Fingerprint:  DBA3 E20F CE91 28AA DA1C  4A77 3BD9 C82D 2699 24FB

On 10-04-26 08:35 AM, Matthew Gracie wrote:
> Adam Garside wrote:
> > On Apr 26, 2010, at 11:02 AM, Youngquist, Jason R. wrote:
> >
> > > Is anyone using any Open Source or low cost centralized log
> > > management/SIEM solution in a production environment which you
> > > would recommend?
> >
> > Jason, we use OSSEC-HIDS. It is primarily a HIDS solution but can
> > take logs via syslog if you don't wish to place agents on your
> > systems. It is very configurable, easy to setup, has a standard
> > correlation configuration, and doesn't require a lot in terms of
> > hardware.
> >
> > The website is at: www.ossec.net
> >
> > Warm regards, Adam
>
> There was an excellent presentation on OSSEC at the Security
> Professional's Conference this year - it prompted me to install the
> server and start playing around with it, and I doubt I'm the only one.
>
> http://net.educause.edu/SEC10/Program/1023654?PRODUCT_CODE=SEC10/SESS01