Re: Log Analyzer Tool

["infosecadmin" <infosecadmin () comcast net>]

SNARE has been a great tool for getting the unholy windows servers to report 
to syslog :-).  As for the analysis portions, I've replied more on regex 
tools, perl, SWATCH and the likes.

Not much you cant do with the tools already out there, unless you are 
looking for full automation and correlations. If anyone finds one that does 
complete correlation, statistical / historical trending, and can reboot 
servers, let me know :-P.


----- Original Message ----- 
From: "Ronnie Miller" <rbmiller12 () gmail com>
To: <ivanhec () gmail com>
Cc: "Todd Troxell" <ttroxell () debian org>; <bhawesh77 () yahoo com>; 
<security-basics () securityfocus com>
Sent: Friday, September 09, 2005 10:51 AM
Subject: Re: Log Analyzer Tool


I don't think I've seen Snare from http://www.intersectalliance.com/
mentioned. This is one of the ones I'm considering. Is anyone else
using this? It has an Open Source side, and they also have an
appliance.

Ronnie


On 9/8/05, Ivan . <ivanhec () gmail com> wrote:
> check out http://www.loganalysis.org/
>
> cheers
> Ivan
>
> On 9/8/05, Todd Troxell <ttroxell () debian org> wrote:
> > On Fri, Sep 02, 2005 at 03:42:21PM -0000, bhawesh77 () yahoo com wrote:
> > > Hello List!
> > > We currently review security logs from various applications and 
> > > systems. We are looking for a log analyzer tool that can read the logs 
> > > from various formats and analyze the logs based on the criteria we 
> > > provide. We want this software to send alerts, provide executive 
> > > reports etc. Do you know of some good security log analyzer tools. Any 
> > > help would be appreciated.
> >
> > Logcheck is a simple solution if you speak regex.
> >
> > --
> > [   Todd J. Troxell                                         ,''`.
> >       Student, Debian GNU/Linux Developer, SysAdmin, Geek  : :' :
> >       http://debian.org || http://rapidpacket.com/~xtat    `. `'
> >                                                              `-     ]
> >