Educause Security Discussion mailing list archives

Re: Event Log Monitoring - Recommendations


From: "Fisher, Matthew C" <FisherMC () WOFFORD EDU>
Date: Thu, 25 Apr 2013 15:29:47 +0000

We use Event Log Analyzer in our environment. If you are looking for good central logging with reporting and alerts, this 
works well and is priced well. I have not used any of the others so I can comment on them.


Matt

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Schmalhofer
Sent: Thursday, April 25, 2013 11:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Event Log Monitoring - Recommendations

We do not currently have any product for event log and/or system log monitoring, reporting, and alerting, but are about 
to begin the process of reviewing various products to see what might be the best fit for our environment, needs, and 
budget (small). We are a mix of Windows (AD), HP Unix, and Linux servers with Exchange and Oracle. Please let me know if 
you are able to recommend any product or solution for monitoring logs and providing various reporting and alerting. At 
the recent Educause Security Professionals Conference several individuals had recommended QRadar. Any thoughts or 
feedback on these products and/or any others would be greatly appreciated.


- QRadar (Q1Labs)
- What's Up Log Management Suite (IPswitch)
- GFI Events Manager (GFI)
- Event Log Analyzer (ManageEngine)
- StealthWatch (Lancope)
- Others

Thanks for any and all feedback!

Thanks,
Greg

Greg Schmalhofer
Information Security Coordinator
Millersville University

