Security Basics mailing list archives

RE: Logging


From: Albert Gonzalez <albertg () cerveau us>
Date: Sat, 19 Jan 2008 17:33:56 -0600

What Snare does is take those event logs and spew them out in a syslog-normalized format. I can't speak for the 
commercial version, but it won't do compliance-type reporting. There is an open source correlation engine that will help 
you leverage your logs.

Thanks,
Albert G.
 
--
Success comes to the person who does today, what you are thinking of doing tomorrow 

-----Original Message-----
From: infolookup () gmail com
Sent: Saturday, January 19, 2008 1:55 PM
To: Albert Gonzalez <albertg () cerveau us>; listbounce () securityfocus com; Lee Hilt <lhilt () mbc edu>; 'Krzyston, 
Randy' <RandyK () gen-probe com>; security-basics () securityfocus com
Subject: Re: Logging

Has anyone used Snare for Linux? I saw it on SourceForge. If so, how does it compare to Splunk?
Sent via BlackBerry from T-Mobile

-----Original Message-----
From: Albert Gonzalez <albertg () cerveau us>
Date: Fri, 18 Jan 2008 17:57:09
To: Lee Hilt <lhilt () mbc edu>, "'Krzyston, Randy'" <RandyK () gen-probe com>, <security-basics () securityfocus com>
Cc: <listbounce () securityfocus com>
Subject: RE: Logging


Although the interface could use some love, the reports I can generate via LogLogic keep the various mgrs happy. Plenty 
of canned reports and of course custom. I've even used it for notifications where applications' logging capabilities 
lacked. The ability to have log management is invaluable, now if only someone was looking at it :)

HTH,
Albert  

-----Original Message-----
From: Lee Hilt <lhilt () mbc edu>
Sent: Friday, January 18, 2008 1:18 PM
To: 'Krzyston, Randy' <RandyK () gen-probe com>; security-basics () securityfocus com
Cc: listbounce () securityfocus com
Subject: RE: Logging

If you are simply looking for a storage solution, (logs in, emails on
threshold of error rates, etc) Kiwi would be the way to go. 

If you are looking for a more granular look, along with searchable questions
like "Show me accounts with a high incidence of password failures" and other
questions, your solution might best be serviced by

http://manageengine.adventnet.com/products/eventlog/index.html

Pricing is kinda high, but it is a pretty good product.
 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Krzyston, Randy
Sent: 2008-01-18 1:19
To: security-basics () securityfocus com
Cc: listbounce () securityfocus com
Subject: Logging

We are looking to implement a syslog server.  It needs to not only be
capable of storing logs, but also detailed reporting for things such as SOX
