Educause Security Discussion mailing list archives

Re: Open Source centralized log management/SIEM solutions


From: Jason Frisvold <frisvolj () LAFAYETTE EDU>
Date: Mon, 10 May 2010 13:25:52 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/05/2010 05:16 AM, Russell Fulton wrote:
> Currently we are looking at OSSIM (yes, that is Alienvault) and prelude, but mostly from the point of view of
> managing snort data.

Are you at all concerned with their packaging methodology?  From what
I'm seeing, OSSIM is only available as an ISO file integrated with
Debian.  We're not Debian users and there's always a question when it
comes to switching platforms for a single purpose if we can work around it.

> Another cheapish option is Aanval; I have played with it briefly, again focusing more on the snort side.

I'll take a look at this as well, though they lose points immediately
for having an entirely flash-based website...

> For those interested in log analysis I recommend http://www.loganalysis.org/ -- there is a lot of information there; you
> may even find reference to my stuff.

Excellent site, thanks!

> Russell

- --
- ---------------------------
Jason Frisvold
Network Engineer
frisvolj () lafayette edu
- ---------------------------
"What I cannot create, I do not understand"
   - Richard Feynman
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvoQaAACgkQO80o6DJ8UvnmdACePRIlq/DkMCqtV7A5NPq4Cg3U
f88AnivGNlASGSZNIDYeEhBjH2e0+DqL
=EkSr
-----END PGP SIGNATURE-----
