Educause Security Discussion mailing list archives
Re: Log management
From: Greg Vickers <g.vickers () QUT EDU AU>
Date: Thu, 1 Feb 2007 10:03:23 +1000
Hi Charles, Charles L. Bombard wrote:
Hey everyone, What would you all recommend for central log management? We are currently looking at GFI eventmanager. The ideal solution will combine the monitoring of both Windows and Linux logs, and have the ability to generate alerts based on our settings. Recommendations of things to look at as well as things to avoid are appreciated.
Over the course of 18 months, we have done an investigation, initial trial and extended trial, and we feel that the best product for this University is Huntsman by Tier-3 (Tier-3, http://www.tier-3.com, are based in Sydney, Australia).

These were the companies who responded to our investigation:
* Computer Associates
* IBM
* Checkpoint
* CISCO
* ISS
* eIQ Networks
* LogLogic
* Network Intelligence
* Tenable
* ArcSight
* OpenService
* Symantec
* netForensics
* eSecurity
* Micromuse
* NetIQ
* Tier-3
* SenSage
* Intellitactics

The results from the investigation directed us to trial products from the following companies:
* OpenService
* Tier-3
* SenSage
* Intellitactics

As an outcome of the extended trial, we have presented to our Steering Committee our report with the recommendation to proceed with purchasing Huntsman. There are some follow-up items that the Steering Committee wish to discuss with our local supplier and Tier-3, so we have not completed the purchase yet.

I'm sure that this sector has changed in the last 18 months - some of the features of Huntsman that made it attractive to us were:
* Anomaly detection
* Reporting
* Alerting
* Simple, easy to use GUI interface (via a thick client)
* Correlation of events across different event sources
* 'Universal' log processor & integration

Some of these other products will be more suitable to a different environment, situation or financial resource (the range we found was free vs six figures.) Your mileage will vary :p Feel free to shoot me questions about our process and result.

So not really a recommendation, but this is what we did and what we found would be suitable for QUT. I hope it gives you some useful information and some other places to look.

However, thinking about it, one of the most telling indicators was how enthusiastically a given company responded to our inquiries. The responses we had ranged from a single page of sales propaganda to a sheaf of paper 2cm thick!
--
Greg Vickers
IT Security Engineer & Project Manager
IT Security, Network Services, Information Technology Services
Queensland University of Technology
L12, 126 Margaret St, Brisbane
Phone: +61 7 3138 9536
Mobile: 0410 434 734
Fax: +61 7 3138 2921
Email: g.vickers () qut edu au
IT Security web site: http://www.its.qut.edu.au/itsecurity/
CRICOS No. 00213J