Re: Log analisys and siem

[Albert Gonzalez <albertg () cerveau us>]

Greetings,

Since you didn't mention the need for correlation, so a SIEM might not
be what you want just to collect logs. Splunk has a free version that
you might want to look at. I know the free version limits your log feeds
indexing to 500MB/day[1], but worth a test run none the less.

Later,

[1] - http://www.splunk.com/view/SP-CAAADFV#difference

-  
Albert Gonzalez
http://blog.cerveau.us


On Mon, 2009-10-19 at 16:43 +0200, NetExpress wrote:
> Hi everyone,
>
> I am looking for:
> - a solution of log analysis (for tecnichan)
> - a SIEM (security information and event management) solution for 
> management and/or Manager
>
> I collect syslog event on a syslog-ng log server, so I already have a 
> colletor of information.
> Based on this base of vents I would like to do realtime log analysis and 
> SIEM analysis, better if is gpl based.
> Anyone have experience with some product? and with how many computers?
>
>
>
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

Attachment: signature.asc
Description: This is a digitally signed message part