Security Basics mailing list archives

RE: Security Information Management


From: Panth3r <panth3r () swbell net>
Date: Tue, 15 Oct 2002 15:11:40 -0500

www.psionics.com LogWatch comes in handy, it's easy to add "flags" for
things that you may want to watch out for (but you should have to add any)
and it's very very tweakable so you only get info you need.  It works great
if you team it up with their HostSentry and PortSentry programs...it's a free
solution too. It's helped me out a lot, I use it whenever I can.

But yeah, Perl can help you with almost anything you can think of.

If you are new to Perl, check out some of the O'Reilly books; they're great.

Florian Hines
Senior Consultant
X-Caliber Consulting & Security
San Antonio, TX

-----Original Message-----
From: Chris Berry [mailto:compjma () hotmail com]
Sent: Friday, October 11, 2002 7:09 PM
To: security-basics () securityfocus com
Subject: Re: Security Information Management


<ancient oriental advisor mode>
You must become strong in the ways of Perl my son, only when your code is
pure will you master the way of having vision without looking.
</ancient oriental advisor mode>

    Seriously though, nearly all of the systems you mentioned produce
text-based log files; a combination of Perl scripts to harvest the data and
Crystal Reports to present it is probably what you're looking for, unless
you want an "integrated" solution where the management is built in to some
sort of centralized command console, in which case I can't help you.

From: "netsec novice" <netsec9 () hotmail com>
To: security-basics () securityfocus com
Subject: Security Information Management
Date: Fri, 11 Oct 2002 19:18:03 +0000

I'm going through a somewhat overwhelming evaluation for a SIM solution for
our company.  We have several UNIX (AIX) servers, 35+ NT/2000 servers,
SNORT IDS, possible commercial IDS in the future, Command anti-virus,
CheckpointFW, CISCO basic router IDS, Cisco VPN concentrator, 8 cisco
routers and 10 cisco switches.  NetForensics looks pretty strong but all of
them have a pretty hefty price tag.  I'm looking for any of you out there
who could recommend solutions based on your experience.  I will need to
provide management with reports of incidents and activity (justify my job
and other security expenditures).  I'm looking for something that makes
managing all of these sets of information somewhat less daunting and that
is somewhat intuitive to use.

Thanks








Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"I have found the way, and the way is Perl."



