Security Basics mailing list archives
RE: Logging
From: Albert Gonzalez <albertg () cerveau us>
Date: Sat, 19 Jan 2008 17:33:56 -0600
What Snare does is take those event logs and spew them out in a syslog-normalized format. I can't speak for the commercial version, but it won't do compliance-type reporting. There is an open-source correlation engine that will help you leverage your logs.

Thanks,
Albert G.

--
Success comes to the person who does today, what you are thinking of doing tomorrow

-----Original Message-----
From: infolookup () gmail com
Sent: Saturday, January 19, 2008 1:55 PM
To: Albert Gonzalez <albertg () cerveau us>; listbounce () securityfocus com; Lee Hilt <lhilt () mbc edu>; 'Krzyston, Randy' <RandyK () gen-probe com>; security-basics () securityfocus com
Subject: Re: Logging

Has anyone used Snare for Linux? I saw it on SourceForge. If so, how does it compare to Splunk?

Sent via BlackBerry from T-Mobile

-----Original Message-----
From: Albert Gonzalez <albertg () cerveau us>
Date: Fri, 18 Jan 2008 17:57:09
To: Lee Hilt <lhilt () mbc edu>, "'Krzyston, Randy'" <RandyK () gen-probe com>, <security-basics () securityfocus com>
Cc: <listbounce () securityfocus com>
Subject: RE: Logging

Although the interface could use some love, the reports I can generate via LogLogic keep the various mgrs happy. Plenty of canned reports and, of course, custom ones. I've even used it for notifications where applications' logging capabilities were lacking. The ability to have log management is invaluable; now if only someone was looking at it :)

HTH,
Albert

-----Original Message-----
From: Lee Hilt <lhilt () mbc edu>
Sent: Friday, January 18, 2008 1:18 PM
To: 'Krzyston, Randy' <RandyK () gen-probe com>; security-basics@securityfocuscom
Cc: listbounce () securityfocus com
Subject: RE: Logging

If you are simply looking for a storage solution (logs in, emails on threshold of error rates, etc.), Kiwi would be the way to go.

If you are looking for a more granular look, along with searchable questions like "Show me accounts with a high incidence of password failures" and other questions, your solution might best be serviced by http://manageengine.adventnet.com/products/eventlog/index.html. Pricing is kinda high, but it is a pretty good product.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Krzyston, Randy
Sent: 2008-01-18 1:19
To: security-basics () securityfocus com
Cc: listbounce () securityfocus com
Subject: Logging

We are looking to implement a syslog server. It needs to not only be capable of storing logs, but also detailed reporting for things such as SOX