Security Basics mailing list archives

Re: Logging utility


From: "steve" <securityfocus () delahunty com>
Date: Fri, 6 Aug 2004 12:59:51 -0400

The important point below being related to once you have all your logs sent
to a central place, then what?  It is hard to wade through all the stuff
that is not really important on the border devices especially and figure out
what is a big problem or not.  For that type of work I recommend a managed
security services provider.  For the internal server type log monitoring we
all likely have the skills to figure out what is really important or not.


----- Original Message ----- 
From: "Roger A. Grimes" <roger () banneretcs com>
To: "William Barrett" <William.Barrett () bvainc com>;
<security-basics () securityfocus com>
Sent: Thursday, August 05, 2004 2:51 PM
Subject: RE: Logging utility


At a bare minimum you can use a Syslog-based product, like Kiwi syslog
or Sourceforge's Ntsyslog (http://ntsyslog.sourceforge.net)

Almost every security device in the world can talk syslog.  You can use
Ntsyslog to get the Windows event logs to syslog.  So you can aggregate
events to one syslog server/database.

The real work is then building reports from the data and splicing the
events into more fields than the default syslog database allows.  Even
when you get all the data aggregated, different devices will report
(even the same events) differently.  For example, a port scan may be
called two different things by two different devices, and the filter
that identifies the port scan on one device will probably be different
than it is on another.  So the easy part is collecting and aggregating.
Making useful data and reports out of it is much more effort.

Roger

***************************************************************************
*Roger A. Grimes, Banneret Computer Security, Computer Security Consultant
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), A+
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of upcoming Honeypots for Windows (Apress)
****************************************************************************



-----Original Message-----
From: William Barrett [mailto:William.Barrett () bvainc com]
Sent: Wednesday, August 04, 2004 11:14 PM
To: security-basics () securityfocus com
Subject: Logging utility

My boss sent me the following question today.  It seems like I have
heard about something like this, but I'm drawing a blank.  Has anyone
here heard of something like this? And if so can you point me in the
right direction?

Is anyone aware of a product that will aggregate logs from Windows
2000/2003, Cisco routers, PIX firewalls, etc. into one central
location for review?

WTB

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off any course! All of our class sizes are guaranteed to be 10 students
or less to facilitate one-on-one interaction with one of our expert
instructors.
Attend a course taught by an expert instructor with years of
in-the-field pen testing experience in our state of the art hacking lab.
Master the skills of an Ethical Hacker to better assess the security of
your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
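Roger's point that collecting is the easy part, and that the real work is splicing each syslog message into fields and reconciling how different devices name the same event (his port scan example), is illustrated by the following added example. It is not code from the thread or from any product named in it (Kiwi syslog, NTsyslog); the three device "dialects", the hostnames, the addresses and every log line are constructed for the example and are simplified rather than vendor-accurate. The firewall only reports individual denies, so a per-device filter (many distinct ports from one source) is needed to put it into the same "port_scan" vocabulary the IDS uses directly.

```python
"""Aggregate-then-normalize: parse syslog lines from several devices into one
schema and reconcile how each device names the same event.

Everything below is constructed for this example. The three message
"dialects" (fw:, ids:, NTsyslog-style security[...]) are simplified and not
vendor-accurate; hostnames and addresses are documentation/test values.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: what a central syslog server might have received.
SAMPLE_LINES = [
    # Firewall dialect: one source hitting six distinct ports on one host, all denied.
    "Aug  5 14:51:02 pix01 fw: Deny tcp src outside:203.0.113.9/40001 dst inside:192.0.2.10/21",
    "Aug  5 14:51:02 pix01 fw: Deny tcp src outside:203.0.113.9/40002 dst inside:192.0.2.10/22",
    "Aug  5 14:51:03 pix01 fw: Deny tcp src outside:203.0.113.9/40003 dst inside:192.0.2.10/23",
    "Aug  5 14:51:03 pix01 fw: Deny tcp src outside:203.0.113.9/40004 dst inside:192.0.2.10/25",
    "Aug  5 14:51:04 pix01 fw: Deny tcp src outside:203.0.113.9/40005 dst inside:192.0.2.10/80",
    "Aug  5 14:51:04 pix01 fw: Deny tcp src outside:203.0.113.9/40006 dst inside:192.0.2.10/443",
    # IDS dialect: reports the same activity as a single named event.
    "Aug  5 14:51:05 ids01 ids: PORTSCAN DETECTED from 203.0.113.9 targets=192.0.2.10 ports=20",
    # Windows-via-NTsyslog dialect (constructed wording; 529 is the pre-Vista
    # "unknown user name or bad password" logon-failure event ID).
    "Aug  5 14:52:10 winsrv security[failure] 529 NT AUTHORITY\\SYSTEM Logon Failure: Reason: Unknown user name or bad password User Name: admin Domain: CORP Source Network Address: 203.0.113.9",
    "Aug  5 14:52:12 winsrv security[failure] 529 NT AUTHORITY\\SYSTEM Logon Failure: Reason: Unknown user name or bad password User Name: administrator Domain: CORP Source Network Address: 203.0.113.9",
    # A message none of the parsers know: kept, but only as 'unclassified'.
    "Aug  5 14:53:00 rtr01 sys: Interface FastEthernet0/0 changed state to up",
]

# Generic BSD-syslog header: "Mon DD HH:MM:SS host message"
HEADER_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")

# One regex per device dialect (constructed formats). Each maps onto the common schema.
FW_DENY_RE = re.compile(
    r"fw: Deny (?P<proto>\w+) src \w+:(?P<src>[\d.]+)/(?P<sport>\d+) dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)")
IDS_SCAN_RE = re.compile(r"ids: PORTSCAN DETECTED from (?P<src>[\d.]+) targets=(?P<dst>[\d.]+) ports=(?P<n>\d+)")
WIN_LOGON_FAIL_RE = re.compile(
    r"security\[failure\] (?P<eid>\d+) .*?User Name: (?P<user>\S+).*?Source Network Address: (?P<src>[\d.]+)")


@dataclass
class Event:
    """Common schema: the fields reports are built from, whatever the device."""
    ts: str
    host: str
    category: str                       # shared vocabulary across devices
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None
    extra: dict = field(default_factory=dict)
    raw: str = ""


def parse_line(line: str) -> Optional[Event]:
    """Split the syslog header, then try each device-specific parser in turn."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    ts, host, msg = m.group("ts"), m.group("host"), m.group("msg")
    if (d := FW_DENY_RE.search(msg)):
        return Event(ts, host, "firewall_deny", d["src"], d["dst"], int(d["dport"]), {"proto": d["proto"]}, line)
    if (d := IDS_SCAN_RE.search(msg)):
        return Event(ts, host, "port_scan", d["src"], d["dst"], None, {"ports": int(d["n"]), "reported_by": "ids"}, line)
    if (d := WIN_LOGON_FAIL_RE.search(msg)):
        return Event(ts, host, "logon_failure", d["src"], None, None, {"event_id": int(d["eid"]), "user": d["user"]}, line)
    return Event(ts, host, "unclassified", raw=line)


def derive_scans(events, min_ports=5):
    """Firewall-side filter: one source denied on many distinct ports of one
    destination is reported as a port_scan, the same category the IDS emits
    directly. This is the per-device rule Roger's message says differs."""
    ports, first_seen = defaultdict(set), {}
    for e in events:
        if e.category == "firewall_deny" and e.dst_port is not None:
            key = (e.host, e.src_ip, e.dst_ip)
            ports[key].add(e.dst_port)
            first_seen.setdefault(key, e.ts)
    return [Event(first_seen[k], k[0], "port_scan", k[1], k[2], None, {"ports": len(ps), "reported_by": "firewall"})
            for k, ps in ports.items() if len(ps) >= min_ports]


def summarize(lines, min_ports=5):
    """Parse every line, add derived events, and count by (category, source)."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    events += derive_scans(events, min_ports)
    counts = defaultdict(int)
    for e in events:
        counts[(e.category, e.src_ip)] += 1
    return events, dict(counts)


if __name__ == "__main__":
    evs, counts = summarize(SAMPLE_LINES)
    for (cat, src), n in sorted(counts.items(), key=lambda kv: (kv[0][0], str(kv[0][1]))):
        print(f"{cat:15} {src or '-':15} {n}")
```

The report at the end shows the reconciliation the thread is about: the firewall's six denies and the IDS's one line both end up as `port_scan` from the same source, and the Windows logon failures from that source sit beside them in the same table. Adding a device means adding one regex and a mapping to the shared category names, not a new report; unknown messages are retained as `unclassified` rather than silently dropped.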








