Security Basics mailing list archives

Re: Searching for a product that aggregates logs and can generate alerts


From: Genjii <genjii () gmail com>
Date: Wed, 14 Dec 2005 11:47:18 +0900

Pranav Lal wrote:

Hi all,

I have been asked to find a product that aggregates logs, that is, router logs, IDS logs and operating system logs, and generates alerts if something is amiss. I have found one such product at
http://www.intersectalliance.com/projects/index.html

Does anyone know of any other such product? I believe Cisco has something like this.

The objective of the exercise is to reduce the load on the system administrator and to have better alerting. I am trying to find a product that supports SMS alerts.

Pranav


For a commercial product take a look at http://www.network-intelligence.com/
I think this appliance's greatest strength is its correlation of syslog info and its support for multiple devices (as some manufacturers use their own priority logging format, e.g. Checkpoint). It comes fully loaded with one-click reports, which are very helpful for auditing and compliance. As you requested, it can also do alerting: when certain syslog messages arrive or go over a threshold you can choose to be emailed, paged, to execute a script, and a couple more. I think most organisations see it as more of a compliance solution rather than just alerting.

I would appreciate your thoughts on it, or those of anyone else who is using it. I was able to trial this in a lab for a month, and even though it's called an appliance, it sits on an Intel box running Win2k and their custom app, although it is nice compared to others I have seen out there.
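As an added illustration of the kind of threshold alerting the reply describes (this is not code from the thread or from the product mentioned), a small Python sketch over constructed syslog lines: each rule names a pattern, a count threshold and a time window, so a single high-priority IDS message or a burst of firewall drops raises an alert that could then be mailed, paged or handed to a script.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Rules are assumptions for this example: (name, pattern, threshold, window seconds).
# threshold=1 with window=0 means "alert as soon as such a message arrives".
RULES = [
    ("ssh-drop-burst", re.compile(r"DROP .* DPT=22\b"), 3, 60),
    ("ids-priority-1", re.compile(r"snort\[\d+\]: .*Priority: 1"), 1, 0),
]

# Constructed sample log lines in BSD syslog format (not real captured data).
SAMPLE_LOGS = [
    "Dec 14 11:40:01 fw1 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.0.0.1 PROTO=TCP DPT=22",
    "Dec 14 11:40:12 fw1 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.0.0.1 PROTO=TCP DPT=22",
    "Dec 14 11:40:20 srv1 sshd[412]: Accepted password for admin from 10.0.0.9",
    "Dec 14 11:40:31 fw1 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.0.0.1 PROTO=TCP DPT=22",
    "Dec 14 11:45:00 ids1 snort[771]: [1:2000:3] WEB-ATTACK test [Priority: 1] 10.0.0.5 -> 10.0.0.7",
    "Dec 14 11:46:10 fw1 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.0.0.1 PROTO=TCP DPT=22",
]

def parse_line(line, year=2005):
    """Split a BSD-style syslog line into (timestamp, host, message); None if malformed."""
    m = re.match(r"(\w{3} +\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)", line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=year)
    return ts, m.group(2), m.group(3)

def evaluate(lines, rules=RULES, year=2005):
    """Return (rule, timestamp, count) alerts. An alert fires when the number of
    matching lines inside the rule's sliding window reaches the threshold; it does
    not repeat while the count stays above it, and re-arms once it falls below."""
    windows = defaultdict(deque)
    alerts = []
    for line in lines:
        parsed = parse_line(line, year)
        if parsed is None:
            continue  # unparseable line: skip rather than crash the collector
        ts = parsed[0]
        for name, pattern, threshold, window in rules:
            if not pattern.search(line):
                continue
            q = windows[name]
            q.append(ts)
            while q and ts - q[0] > timedelta(seconds=window):
                q.popleft()  # drop hits that have aged out of the window
            if len(q) == threshold:
                alerts.append((name, ts, len(q)))
    return alerts
```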
