Educause Security Discussion mailing list archives

Re: Open Source centralized log management/SIEM solutions


From: Jason Frisvold <frisvolj () LAFAYETTE EDU>
Date: Mon, 3 May 2010 15:41:19 -0400

On 04/26/2010 02:24 PM, Paul Keser wrote:
> There was also a good write-up in Linux Journal a few months ago.  I
> spoke to AlienVault at RSA and it sounds very promising.  I am planning
> to play with it this summer.

I've started to dig into OSSEC a bit.  I'm a big user of Osiris
(http://osiris.shmoo.com), but unfortunately, Osiris seems to have
fallen out of maintenance.  It still works, but there hasn't been a new
release in some time.

Based on what I'm seeing, it would appear that OSSEC analyzes logs
internally and external manipulation (à la Splunk) isn't really
supported.  Is this where AlienVault fits in?  (I'm basically
unfamiliar with AlienVault at this point.)

While I believe we'll probably use OSSEC for its HIDS capabilities, I am
looking for a really good logging solution.  We'll likely use rsyslog to
forward the syslog data to a central location, but from there I'm still
looking for a solution.  Any help would be appreciated.

> -PaulK

Thanks,

--
---------------------------
Jason Frisvold
Network Engineer
frisvolj () lafayette edu
---------------------------
"What I cannot create, I do not understand"
   - Richard Feynman