Security Basics mailing list archives

Re: Enterprise Log Management Systems


From: Steven Hollingsworth <steven () aznc com>
Date: Wed, 25 Apr 2007 12:42:31 -0700

On Wed, Apr 25, 2007 at 07:26:23PM +0530, Tornado wrote:
> Hi All,
>
> I would like to know which are the best Enterprise log management systems
> out there in the market. Both commercial and Open source are fine.
> Here are the requirements:

I've heard splunk [0] works well; if you wanted to go with a FOSS
solution you can always use syslog-ng [1]. Also, this [2] site has a lot
of good information scattered around.

> 1. Log collection from a variety of systems like Windows, Linux, Routers and
> firewalls.

Windows has a utility called snare [3] that can send its events to a central syslog
server.

> 2. Analysis of collected logs and correlation.
>
> 3. Report generation for the activities for standards like ISO 270001
>
> 4. Email/SMS alerts.

For these requirements I use a variety of tools, one of which I find
most handy is called SEC [4]; using that in conjunction with other tools
that can mine logs and generate reports in a digestible format would
IMHO work well.

~ stevo

[0] - http://www.splunk.com/
[1] - http://www.campin.net/syslog-ng/faq.html
[2] - http://www.loganalysis.org/
[3] - http://www.intersectalliance.com/projects/SnareWindows/
[4] - http://www.estpak.ee/~risto/sec/ 
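
As an added illustration (not part of the original thread) of how SEC covers the correlation and alerting requirements above on syslog collected by syslog-ng: a small SEC rule file. The SSH log format, the 60-second/5-event threshold and the soc@example.com mailbox are assumptions chosen for the example.

```ini
# Constructed SEC rule file for the example; tune thresholds to your environment.
# Rule 1: correlate repeated SSH authentication failures per source address.
# "desc" contains $2 (the source IP), so SEC keeps one counter per address
# and fires once when 5 or more failures arrive inside a 60 second window.
type=SingleWithThreshold
ptype=RegExp
pattern=sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)
desc=Repeated SSH failures from $2
action=pipe '%s: 5+ failed SSH logins from $2 within 60s (last user tried: $1)' /usr/bin/mail -s "SEC alert" soc@example.com
window=60
thresh=5

# Rule 2: alert on any sudo failure, but suppress repeats for the same user
# for 10 minutes so a stuck script cannot flood the mailbox.
type=SingleWithSuppress
ptype=RegExp
pattern=sudo: +(\S+) : .*incorrect password attempts
desc=sudo failures for user $1
action=pipe '%s' /usr/bin/mail -s "SEC alert" soc@example.com
window=600
```

Run it with `sec --conf=/path/to/alerts.sec --input=/var/log/messages` (paths assumed); the email action can be swapped for an SMS gateway command without changing the correlation logic.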
