Educause Security Discussion mailing list archives
Re: Log Management
From: "Ferris, Joe" <jferris () ADMIN FSU EDU>
Date: Wed, 10 Mar 2010 09:42:33 -0500
Stanley - We have been using the NitroSecurity SIEM for a three years now and have had great success pulling together logs from all over campus into one central database. The ability to pull in logs from critical server, databases, routers , switches, firewalls, campus flows and our IPS devices has given us great insight into the campus network. Recently Nitro has included the ability to take feeds from NeXpose giving us the ability to track a connection from the campus border through the network until it reaches the endpoint system where we can also see if a system is vulnerable to attack. I do not know of another product that can do all of this to be honest and the speed of the backend database is second to none. If you have any additional questions on or off list please let me know. Regards, Joe Ferris, GCIH, GCFW, GPEN Network Security Engineer Florida State University IT Security Team 850.645.8051
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hammond, Stanley Sent: Friday, March 05, 2010 10:11 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Log Management I am looking to see what other institutions are using to manage their event/system log files. Currently I have Snare installed on our Windows servers and sending
the
events to a syslog server. That server originally had Prelude IDS installed and I was using Prewikka to view the logs as needed. The problem with Prelude IDS/Prewikka is that accessing the database is painfully slow unless you purchase the database module for fast
access.
The other option I tested was Splunk which I liked, but because it access Windows systems using WMI it looked like the some of the
Windows
virtual machines took a performance hit (according to our Technical Director). Right now, I query the logs on the syslog server using customized Perl scripts whenever an information request is made. We are making some changes to our environment and would like to get something setup that is a little better than using Perl scripts on the CLI. Stanley M. Hammond Information Security Specialist Cape Cod Community College Email: shammond () capecod edu
Current thread:
- Re: Log Management, (continued)
- Re: Log Management Bradley, Stephen W. Mr. (Mar 05)
- Re: Log Management Joe Vieira (Mar 05)
- Re: Log Management Pufahl, Jason (Mar 05)
- Re: Log Management Hart, Lee Anne (Mar 05)
- Re: Log Management Justin Azoff (Mar 05)
- Re: Log Management Hart, Lee Anne (Mar 05)
- Re: Log Management Wier, Timothy A. (Mar 05)
- Re: Log Management Christopher Jones (Mar 05)
- Re: Log Management King, Ronald A. (Mar 05)
- Re: Log Management Dexter Caldwell (Mar 05)
- Re: Log Management Ferris, Joe (Mar 10)