RE: Open source log analyzer

[Daniel Cid <danielcid () yahoo com br>]

Hi Mohamed,

Splunk is not an open source log analysis tool. It is
free for up to 500MB a day, but not open source.

If you want _open source_ tools, you need to look at
OSSEC[1], SEC[2], logwatch, etc.

1 - http://www.ossec.net
2 - http://www.estpak.ee/~risto/sec/


*Note that I am the developer of ossec, so my opinion
"may be" biased.

> From these open source tools, I would suggest ossec.
It comes with lots of rules by default, is scalable,
support Windows logs, squid logs (same as netcache
I guess), apache logs, etc...

Hope it helps.

--
Daniel B. Cid
dcid ( at ) ossec.net




--- Mohamed Farid <mfarid () mscc com eg> escreveu:

> Go for splunk :
> www.splunk.org 
>
> Mohamed Farid ,, 
> Telecommunication & Security Department Manager ,,,
>  
> Mediterranean Smart Cards Company ,,
> 92 Tahreer Street. Dokki / Cairo / Egypt
> Website    : www.mscc.com.eg
> Email  : mfarid () mscc com eg
> Phone : +2 02 3331439/+2 02 3331400
> Fax      : +2 02 7621164
> Mobile      : +2 0122258350
>
> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com]
> On Behalf Of sami seclist
> Sent: Wednesday, May 09, 2007 2:02 AM
> To: security-basics () securityfocus com
> Subject: Open source log analyzer
>
> Hi list,
>
> I'im looking for an open source log collection and
> analysis solution
> for a netCache appliance. It would be based on
> syslog for collecting
> events, but I would like your advice for an open
> source log analyser.
> A search on tools section of securityfocus.com came
> with about 40
> results !!
>
> Any advice or experience sharing with these tools
> would be welcome.
>
> Thanks, sami.
>
> * * * * * * * * * * * * * * * * * * * * * * * * * *
> * * * * * * * * * * * * * * * * * * * * * * * * * *
> * * * * * * * * * * * * * * * * * * * * * * * * * *
> * * * * * * * * * * * * * * * * * * * * * * * * * 
> This e-mail (including attachments) is classified as
> Mediterranean Smart Cards Company confidential and
> proprietary information 
> The recipient hereby is committed to hold in strict
> confidence the contents of this (e-mail, document,
> and information) and not to disclose to any third
> party without the prior written consent of
> Mediterranean Smart Cards Company. 
> Recipient will be held liable for any unauthorized
> disclosure.
> It is intended solely for the addressee. Unless you
> are the addressee, you may not read, copy, use or
> store this e-mail in any way, or permit others to. 
> If you have received it in error, please notify the
> sender by return e-mail and delete the message in
> its entirety, including any attachments
> * * * * * * * * * * * * * * * * * * * * * * * * * *
> * * * * * * * * * * * * * * * * * * * * * * * * * *
> * * * * * * * * * * * * * * * * * * * * * * * * * *
> * * * * * * * * * * * * * * * * * * * * * * * * * 



       
____________________________________________________________________________________
Novo Yahoo! Cadê? - Experimente uma nova busca.
http://yahoo.com.br/oqueeuganhocomisso