Security Basics mailing list archives

Re: log monitoring/analysis/correlation systems


From: "sami seclist" <sg.seclists () gmail com>
Date: Wed, 22 Nov 2006 21:39:38 +0100

2006/11/21, Florencio Cano <florencio.cano () gmail com>:
> Hello,
> I'm interested in knowing more about your needs. If I understood
> you correctly you need a piece of software

or hardware

> that will receive (or collect) the logs from those devices,

At the present moment the devices are 2 routers, one firewall, an IDS and an
antiviral solution, but it will certainly evolve.

> it will parse these logs to a common format and it will try to correlate this information in order to extract
> conclusions and edit a report.

The system is aimed to support both the operational and management levels.
Operators need device activity reports, incident detection (overloaded
devices, broken telecommunication lines, etc.) and analysis features
(this last point could be achieved by correlating logs from different
sources to find the root cause of the problem).
Managers need periodic reports about their system "health", and
support data to make appropriate strategic decisions.

> Am I correct?
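The collect, parse and correlate pipeline described in this exchange, as an added example that is not part of the thread: a small Python script that normalises constructed syslog-style lines from the routers, firewall and IDS into one record format, then links a firewall's "peer unreachable" symptom to the router link-down event reported just before it (the root cause) and flags expected devices that have gone silent (a broken line or an overloaded box). Device names, daemon names, message wording, the 10-second correlation window and the 5-minute silence threshold are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in classic syslog layout; device names, daemon
# names and message wording are assumptions made for this example.
RAW_LOGS = [
    "Nov 21 10:00:01 rtr1 ifmgr: Interface Serial0/0 changed state to down",
    "Nov 21 10:00:03 fw1 kernel: DROP IN=eth1 SRC=10.0.0.5 DST=10.0.1.9",
    "Nov 21 10:00:04 ids1 snort: scan of 10.0.1.9 from 10.0.0.5",
    "Nov 21 10:00:06 fw1 ha: peer rtr1 unreachable, failing over",
    "Nov 21 10:00:09 rtr2 ifmgr: Interface Serial0/1 changed state to up",
]
EXPECTED_DEVICES = {"rtr1", "rtr2", "fw1", "ids1", "av1"}  # av1 sends nothing
SYSLOG = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) ([^:]+): (.*)$")
YEAR = 2006  # classic syslog carries no year; assumed for the sample

def normalise(line):
    """Parse one raw line into the common record format; None if it fails."""
    m = SYSLOG.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return {"time": ts, "device": m.group(2), "daemon": m.group(3), "msg": m.group(4)}

def root_causes(records, window=timedelta(seconds=10)):
    """Pair each 'peer unreachable' symptom with a link-down event that another
    device reported shortly before it: (symptom device, causing device)."""
    downs = [r for r in records if "changed state to down" in r["msg"]]
    pairs = []
    for r in (r for r in records if "unreachable" in r["msg"]):
        for d in downs:
            lag = (r["time"] - d["time"]).total_seconds()
            if d["device"] != r["device"] and 0 <= lag <= window.total_seconds():
                pairs.append((r["device"], d["device"]))
    return pairs

def silent_devices(records, expected, max_gap=timedelta(minutes=5)):
    """Expected devices with no record inside max_gap of the newest record:
    candidates for a broken line or an overloaded, unresponsive device."""
    newest = max(r["time"] for r in records)
    last_seen = {}
    for r in records:
        last_seen[r["device"]] = max(last_seen.get(r["device"], r["time"]), r["time"])
    return sorted(d for d in expected
                  if d not in last_seen or newest - last_seen[d] > max_gap)

def analyse(lines=RAW_LOGS, expected=EXPECTED_DEVICES):
    """Normalise, then run both checks; unparseable lines are dropped."""
    recs = [r for r in map(normalise, lines) if r]
    return {"root_causes": root_causes(recs), "silent": silent_devices(recs, expected)}
```

Calling `analyse()` on the sample yields the pair `("fw1", "rtr1")` and the silent device `av1`; a real deployment would replace the substring matches with per-vendor parsers feeding the same record format.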


