Security Basics mailing list archives

Re: Searching for a product that aggregates logs and can generate alerts


From: Gilles DEMARTY <gilles.demarty () gmail com>
Date: Mon, 5 Dec 2005 19:00:10 +0100

Hi Pranav,

This kind of product is usually called a SEM (security event management)
system. Many software products fall into this category; among them you have
commercial ones (ArcSight, netForensics, Exaprotect) and (as far as I know) an
open-source one: OSSIM.

You must consider that the prices for SEM systems are a bit high
(usually 100+ k$).

I don't know about the others, but the Exaprotect correlation engine is
quite good, and the technologies you specified are supported.

Sincerely,

Gilles Demarty

PS: I'm working for Exaprotect, so this message may sound a bit
biased and commercial.


2005/12/5, Pranav Lal <pranav.lal () gmail com>:
Hi all,

I have been asked to find a product that aggregates logs, that is,
router logs, IDS logs and operating system logs, and generates alerts if
something is amiss. I have found one such product at
http://www.intersectalliance.com/projects/index.html

Does anyone know of any other such product? I believe Cisco has
something like this.

The objective of the exercise is to reduce the load on the system
administrator and to have better alerting. I am trying to find a
product that supports SMS alerts.

Pranav
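The thread asks for a product that aggregates router, IDS and operating-system logs and raises alerts (by SMS, ideally) when the combination looks wrong, which is exactly what a SEM correlation engine does. The following is an added illustration of that idea in Python; it is not code from either poster nor from any of the products named above. The log lines, hostnames, addresses and the Snort-style rule name are constructed for the example, and the simplified syslog layout, the rule thresholds and the 160-character SMS limit are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (not from the original post): one line each of the
# router, IDS and operating-system log types the poster lists, in a simplified
# syslog-like layout. Hosts, addresses and the IDS rule name are made up.
SAMPLE_LOGS = [
    "2005-12-05T18:40:01 rtr1 ACL-DENY tcp 203.0.113.7:4312 -> 10.0.0.5:22",
    "2005-12-05T18:40:05 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 4313 ssh2",
    "2005-12-05T18:40:09 host1 sshd[2212]: Failed password for root from 203.0.113.7 port 4314 ssh2",
    "2005-12-05T18:40:12 host1 sshd[2213]: Failed password for admin from 203.0.113.7 port 4315 ssh2",
    "2005-12-05T18:40:20 ids1 snort[991]: [1:1000001:1] LOCAL SSH brute-force {TCP} 203.0.113.7:4316 -> 10.0.0.5:22",
    "2005-12-05T18:41:00 host2 sshd[301]: Failed password for bob from 198.51.100.9 port 5000 ssh2",
    "2005-12-05T18:41:30 host2 sshd[302]: Accepted password for bob from 198.51.100.9 port 5001 ssh2",
]

# One pattern per log source; each maps a raw line onto the same normalised
# event shape (ts, host, src, kind) so the rules below need not care which
# device produced the line. This is the "aggregation" half of a SEM.
PATTERNS = [
    ("acl_deny", re.compile(r"^(?P<ts>\S+) (?P<host>\S+) ACL-DENY \S+ (?P<src>[\d.]+):\d+ ->")),
    ("auth_fail", re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for \S+ from (?P<src>[\d.]+)")),
    ("auth_ok", re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Accepted password for \S+ from (?P<src>[\d.]+)")),
    ("ids_alert", re.compile(r"^(?P<ts>\S+) (?P<host>\S+) snort\[\d+\]: \[[\d:]+\] (?P<sig>.+?) \{\w+\} (?P<src>[\d.]+):\d+ ->")),
]


def parse_line(line):
    """Normalise one raw log line into an event dict, or None if no parser matches."""
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if m:
            ev = m.groupdict()
            ev["kind"] = kind
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            return ev
    return None


def correlate(lines, threshold=3, window=timedelta(seconds=60)):
    """The "correlation" half: aggregate events from all sources and apply two rules.

    1. At least `threshold` failed logins from one source IP inside `window`
       raises a medium-severity brute-force alert (one per source IP).
    2. If the same IP also appears in an IDS alert or a router ACL deny within
       `window` of that burst, the alert is escalated to high: independent
       evidence from another sensor makes it a stronger signal than OS logs alone.
    """
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        fails = [e for e in evs if e["kind"] == "auth_fail"]
        for i, last in enumerate(fails):
            # All failures whose timestamp lies inside the window ending at `last`.
            burst = [f for f in fails[:i + 1] if last["ts"] - f["ts"] <= window]
            if len(burst) < threshold:
                continue
            evidence = sorted({e["kind"] for e in evs
                               if e["kind"] in ("ids_alert", "acl_deny")
                               and abs(e["ts"] - last["ts"]) <= window})
            alerts.append({
                "src": src,
                "hosts": sorted({f["host"] for f in burst}),
                "count": len(burst),
                "first": burst[0]["ts"],
                "last": last["ts"],
                "evidence": evidence,
                "severity": "high" if evidence else "medium",
            })
            break  # one alert per source IP; avoids paging the admin three times
    return alerts


def format_sms(alert):
    """Render an alert as one SMS-sized message (assumed 160-character limit)."""
    msg = "SEM %s: %d failed logins from %s on %s %s-%s; also: %s" % (
        alert["severity"].upper(), alert["count"], alert["src"],
        ",".join(alert["hosts"]),
        alert["first"].strftime("%H:%M:%S"), alert["last"].strftime("%H:%M:%S"),
        ",".join(alert["evidence"]) or "none")
    return msg[:160]


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print(format_sms(a))
```

Run as a script it prints one message for 203.0.113.7 (three failures on host1 corroborated by both the router deny and the IDS alert) and nothing for 198.51.100.9, whose single failure followed by a successful login does not cross the threshold. The two knobs a real deployment tunes are `threshold` and `window`; set them too low and the SMS traffic becomes the new load on the administrator the thread wants to reduce.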
