Firewall Wizards mailing list archives
RE: Log monitoring / alerting
From: bnairn () Telenisus com
Date: Mon, 9 Oct 2000 12:37:51 -0500
If you're looking for something off the shelf and will not be building your own database with automated event correlation, you may want to take a look at Intrusion.com's Kane Secure Enterprise software. While I'm not intimately familiar with the product, I'm fairly certain it can do a number of things you're looking for.

Bryan

-----Original Message-----
From: Jean Caron [mailto:caronj () norac net]
Sent: Thursday, October 05, 2000 12:05 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] Log monitoring / alerting

Hi folks,

I'm sure the question has been asked many times over, yet I don't know the answer. I'm looking for a tool, or combination of tools, that can analyze, report and send alarms based on log files data coming from PIX, Solaris (running firewall), etc.

As for a quick glance at requirements;

- accept logs from multiple hosts (100s),
- Produce alarms based on syslog messages,
- Distribute alarms via emails, pager, snmp traps, programs calls, etc.
- Detect and log system reboots,
- Alarm if/when logging stops from a certain node,

...just to name a few.

I'm already aware of several such tools out there, but so far, none seem to do it all, or do it all well. Any suggestions would be greatly appreciated.

Jean

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
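The pattern-alarm, reboot and stopped-logging requirements from the quoted message, shown as an added example that is not part of the thread and does not describe Kane Secure Enterprise. The sample lines, host names, rule patterns and the 10-minute threshold are constructed assumptions; silence is checked against an inventory of expected hosts, so a node that never logged at all is flagged too.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in BSD-syslog layout (not taken from the thread).
SAMPLE = """\
Oct  5 12:00:01 pix1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/4242 dst inside:10.0.0.5/23
Oct  5 12:00:30 sol-fw1 sshd[311]: Failed password for root from 192.0.2.77
Oct  5 12:03:10 sol-fw1 unix: SunOS Release 5.8 Version Generic 64-bit
Oct  5 12:04:00 pix2 %PIX-6-302013: Built outbound TCP connection
Oct  5 12:20:00 sol-fw1 sendmail[402]: starting daemon
""".splitlines()

LINE = re.compile(r"^(\w{3}\s+\d+\s\d\d:\d\d:\d\d)\s(\S+)\s(.*)$")

# Assumed rule set: (alarm name, pattern searched in the message text).
RULES = [
    ("reboot", re.compile(r"SunOS Release")),        # boot banner, assumed marker
    ("auth-failure", re.compile(r"Failed password")),
    ("fw-deny", re.compile(r"%PIX-[0-4]-\d+: Deny")),  # severity 0-4 denies only
]

def parse(line, year=2000):
    """Return (timestamp, host, message), or None if the line is malformed."""
    m = LINE.match(line)
    if not m:
        return None
    stamp = " ".join(m.group(1).split())  # collapse the padded day field
    ts = datetime.strptime(f"{stamp} {year}", "%b %d %H:%M:%S %Y")
    return ts, m.group(2), m.group(3)

def analyze(lines, expected_hosts, now, max_silence=timedelta(minutes=10)):
    """Return alarms as (name, host, timestamp) tuples."""
    last_seen, alarms = {}, []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, host, msg = rec
        last_seen[host] = max(ts, last_seen.get(host, ts))
        alarms += [(name, host, ts) for name, rx in RULES if rx.search(msg)]
    # Compare against the inventory, not against hosts seen in the logs.
    for host in sorted(expected_hosts):
        seen = last_seen.get(host)
        if seen is None or now - seen > max_silence:
            alarms.append(("silent", host, seen))
    return alarms

if __name__ == "__main__":
    inventory = {"pix1", "pix2", "pix3", "sol-fw1"}
    for alarm in analyze(SAMPLE, inventory, datetime(2000, 10, 5, 12, 21)):
        print(alarm)
```

Delivery of the alarms (e-mail, pager, SNMP trap, program call) would hang off the returned list.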