Security Basics mailing list archives
Re: Enterprise Log Management Systems
From: Steven Hollingsworth <steven () aznc com>
Date: Wed, 25 Apr 2007 12:42:31 -0700
On Wed, Apr 25, 2007 at 07:26:23PM +0530, Tornado wrote:
> Hi All, I would like to know which are the best Enterprise log management systems out there in the market. Both commercial and Open source are fine. Here are the requirements:
I've heard Splunk [0] works well; if you wanted to go with a FOSS solution you can always use syslog-ng [1]. Also, this [2] site has a lot of good information scattered around.
> 1. Log collection from variety of systems like Windows, Linux, Routers and firewalls.
Windows has a utility called Snare [3] that can send its events to a central syslog server.
> 2. Analysis of collected logs and correlation.
> 3. Report generation for the activities for standards like ISO 27001.
> 4. Email/SMS alerts.
For these requirements I use a variety of tools, one of which I find most handy is called SEC [4]; using that in conjunction with other tools that can mine logs and generate reports in a digestible format would IMHO work well.

~ stevo

[0] - http://www.splunk.com/
[1] - http://www.campin.net/syslog-ng/faq.html
[2] - http://www.loganalysis.org/
[3] - http://www.intersectalliance.com/projects/SnareWindows/
[4] - http://www.estpak.ee/~risto/sec/
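The correlation and alerting requirements above (points 2 and 4) are the part that tools like SEC handle. As an added illustration, not code from this reply, from SEC, or from any product named in the thread, here is a small Python correlator in the shape of SEC's threshold rule: it parses BSD-style syslog lines as a central syslog server would receive them, counts matching events per key inside a sliding time window, and emits one alert when the count reaches the threshold. The log lines are constructed for the example, the OpenSSH "Failed password" message shape is an assumption, and because traditional syslog timestamps carry no year the parser takes one as a parameter (defaulting to 2007 purely for this sample).

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Traditional BSD syslog line: "Mon DD HH:MM:SS host program[pid]: message".
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

# Assumed OpenSSH failure message shape; adjust for other daemons.
SSH_FAIL_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

# Constructed sample input: a burst of failures from one source, a success,
# two failures from another source too far apart to matter, and one junk line.
SAMPLE_LOGS = [
    "Apr 25 12:40:01 web1 sshd[2210]: Failed password for root from 10.0.0.5 port 41002 ssh2",
    "Apr 25 12:40:05 web1 sshd[2211]: Failed password for invalid user admin from 10.0.0.5 port 41003 ssh2",
    "Apr 25 12:40:09 web1 sshd[2212]: Accepted password for bob from 10.0.0.9 port 51010 ssh2",
    "Apr 25 12:40:12 web1 sshd[2213]: Failed password for root from 10.0.0.5 port 41004 ssh2",
    "Apr 25 12:40:20 web1 sshd[2214]: Failed password for root from 10.0.0.5 port 41005 ssh2",
    "Apr 25 12:43:00 web1 sshd[2215]: Failed password for root from 10.0.0.9 port 51011 ssh2",
    "this line is not syslog at all",
    "Apr 25 12:45:30 web1 sshd[2216]: Failed password for root from 10.0.0.9 port 51012 ssh2",
]


def parse_line(line, year=2007):
    """Split one syslog line into fields; return None for lines that do not parse.
    BSD syslog has no year, so the caller supplies it (2007 is only the sample's)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m.group("host"), "prog": m.group("prog"), "msg": m.group("msg")}


class ThresholdRule:
    """Fire once when `threshold` events sharing a key occur within `window_s` seconds.
    Same idea as SEC's SingleWithThreshold rule, re-implemented here (not SEC's code)."""

    def __init__(self, name, pattern, key_groups, threshold, window_s):
        self.name = name
        self.pattern = pattern
        self.key_groups = key_groups
        self.threshold = threshold
        self.window_s = window_s
        self.buckets = defaultdict(deque)  # key -> timestamps still inside the window

    def feed(self, event):
        m = self.pattern.search(event["msg"])
        if not m:
            return None
        key = tuple(m.group(g) for g in self.key_groups)
        q = self.buckets[key]
        q.append(event["ts"])
        # Drop timestamps that have slid out of the window.
        while q and (event["ts"] - q[0]).total_seconds() > self.window_s:
            q.popleft()
        if len(q) >= self.threshold:
            q.clear()  # reset so a later burst from the same key alerts again
            return {"rule": self.name, "key": key, "count": self.threshold,
                    "host": event["host"], "at": event["ts"]}
        return None


def build_rules():
    """Fresh rule set; rules hold state, so build a new one per run."""
    return [ThresholdRule("ssh-bruteforce", SSH_FAIL_RE, ("ip",), threshold=3, window_s=60)]


def correlate(lines, rules):
    """Run every parsed line through every rule; unparsable lines are skipped."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        for rule in rules:
            alert = rule.feed(ev)
            if alert:
                alerts.append(alert)
    return alerts


def format_alert(alert):
    """One-line text suitable for an email subject or SMS body."""
    return (f"[{alert['rule']}] {alert['count']} events from {'/'.join(alert['key'])} "
            f"on {alert['host']} within window, last at {alert['at']:%H:%M:%S}")


def run_sample():
    return correlate(SAMPLE_LOGS, build_rules())


if __name__ == "__main__":
    for a in run_sample():
        print(format_alert(a))
```

Running it on the sample yields a single alert for 10.0.0.5, raised on the third failure at 12:40:12; the later failures from 10.0.0.9 never accumulate because the window expires between them, and the junk line is dropped by the parser rather than crashing the loop. In a real deployment the line source would be the central syslog server's spool (or syslog-ng's pipe destination) and `format_alert` output would be handed to the mail or SMS gateway.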
Current thread:
- Enterprise Log Management Systems Tornado (Apr 25)
- Re: Enterprise Log Management Systems Florian Rommel (Apr 25)
- Re: Enterprise Log Management Systems Steven Hollingsworth (Apr 25)
- RE: Enterprise Log Management Systems Doron Keller (Apr 25)
- RE: Enterprise Log Management Systems Anich, Ryan L. (Apr 26)
- RE: Enterprise Log Management Systems Ackley, Alex (Apr 26)
- Re: Enterprise Log Management Systems Tremaine Lea (Apr 26)
- RE: Enterprise Log Management Systems Jim Hanlon (Apr 26)