Firewall Wizards mailing list archives

RE: Log monitoring / alerting


From: bnairn () Telenisus com
Date: Mon, 9 Oct 2000 12:37:51 -0500

If you're looking for something off the shelf and will not be building your
own database with automated event correlation, you may want to take a look
at Intrusion.com's Kane Secure Enterprise software.  While I'm not
intimately familiar with the product, I'm fairly certain it can do a number
of things you're looking for.

Bryan

-----Original Message-----
From: Jean Caron [mailto:caronj () norac net]
Sent: Thursday, October 05, 2000 12:05 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] Log monitoring / alerting



Hi folks,

I'm sure the question has been asked many times over, yet I don't know
the answer.

I'm looking for a tool, or combination of tools, that can analyze, report
and send alarms based on log files data coming from PIX, Solaris (running
firewall), etc.

As for a quick glance at requirements;

- accept logs from multiple hosts (100s),
- Produce alarms based on syslog messages,
- Distribute alarms via emails, pager, snmp traps, program calls, etc.
- Detect and log system reboots,
- Alarm if/when logging stops from a certain node,

...just to name a few.

I'm already aware of several such tools out there, but so far, none seem
to do it all, or do it all well.

Any suggestions would be greatly appreciated.

Jean


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
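
Added example, not part of either message and not code from any product named in the thread: a minimal sketch of three of the listed requirements (alarms on syslog messages, reboot detection, and an alarm when a node stops logging). The host names, sample lines, and rule patterns are constructed assumptions; real patterns depend on each device's message catalog.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in BSD-syslog layout; hosts and messages are made up.
SAMPLE = """\
Oct  5 11:40:02 fw-sol1 genunix: SunOS Release 5.8 Version Generic 64-bit
Oct  5 11:58:10 pix-edge1 %PIX-4-106023: Deny tcp src outside:192.0.2.7/4431 dst inside:10.1.1.5/23
Oct  5 12:01:44 fw-sol1 su: 'su root' failed for jdoe on /dev/pts/3
Oct  5 12:04:59 pix-edge1 %PIX-4-106023: Deny udp src outside:192.0.2.7/53 dst inside:10.1.1.5/53
not a syslog line
"""

# Assumed alert rules; real patterns depend on each device's message catalog.
RULES = {
    "reboot": re.compile(r"SunOS Release"),   # kernel banner logged at boot
    "su-failed": re.compile(r"'su root' failed"),
}
LINE = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")

def analyze(text, expected_hosts, now, max_silence):
    """Return (kind, host, timestamp) alarms for rule hits and silent hosts."""
    alarms, last_seen = [], {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed input rather than abort the run
        stamp, host, msg = m.groups()
        # BSD syslog timestamps carry no year, so borrow it from `now`.
        ts = datetime.strptime(f"{now.year} {stamp}", "%Y %b %d %H:%M:%S")
        last_seen[host] = max(ts, last_seen.get(host, ts))
        alarms += [(kind, host, ts) for kind, rx in RULES.items() if rx.search(msg)]
    # Silence check: a host that should be logging but has gone quiet
    # (or never logged at all) is itself an alarm condition.
    for host in expected_hosts:
        seen = last_seen.get(host)
        if seen is None or now - seen > max_silence:
            alarms.append(("silent", host, seen))
    return alarms

def run_sample():
    now = datetime(2000, 10, 5, 12, 15, 0)
    hosts = ["fw-sol1", "pix-edge1", "pix-dmz2"]  # pix-dmz2 never logs
    return analyze(SAMPLE, hosts, now, timedelta(minutes=12))

if __name__ == "__main__":
    for kind, host, ts in run_sample():
        print(f"ALARM {kind:9} {host:10} last/at {ts}")
```

The silence check needs an explicit inventory of expected hosts; a node that has never logged cannot be discovered from the log stream itself.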

