Security Basics mailing list archives

Re: Logging


From: securek9 <securek9 () gmail com>
Date: Mon, 21 Jan 2008 08:43:08 -0500

Are you wanting to purchase or use free products? If you have the money, as it is expensive but worth it for large environments, the Activeworx product from Crosstech is an excellent product. You can capture logs for all types of devices right into a database or databases and it also has nice reporting for SOX-related issues amongst others. They also offer a nice correlation engine you can purchase with it to correlate attacks. I think you can trial it for 15 days or so. The only drawback is that it only runs on Windows Server and it is a challenge to set up, but once up it is really nice.

If you want free, Splunk is just ok for viewing logs (not very nice to look at), or look into AdventNet products. They offer free for small offices. I don't think prices are bad for larger environments either. You can also always go with syslog-ng to capture and sort log information centrally, then view with free Splunk or some other log viewer.

Hope that helps a little!



infolookup () gmail com wrote:
I am interested in seeing some feedback on this topic, 'cause I am looking into doing this too.
Sent via BlackBerry from T-Mobile

-----Original Message-----
From: "Krzyston, Randy" <RandyK () gen-probe com>
Date: Fri, 18 Jan 2008 10:19:21
To: <security-basics () securityfocus com>
Cc: <listbounce () securityfocus com>
Subject: Logging


We are looking to implement a syslog server.  It needs to not only be
capable of storing logs, but also detailed reporting for things such as
SOX.  I've looked at LogLogic's products.  I also heard about Kiwi, but
have no experience with it.

Any comments?


Randy




