Re: Event Log Monitoring - Recommendations

[Matt Pasiewicz <autodidactic.one () GMAIL COM>]

Hey Greg, I'd be really interested in getting my hands on it.  I've had a
long running interest in Splunk.  For a lower cost alternative, I've also
heard good things about a combination of logstash and elasticsearch.  Bro (
bro.org) is something being deployed at NCAR and it is also beginning to
pique my interest as well.

Thanks!

Matt Pasiewicz, Group Head, Web Engineering
National Center for Atmospheric Research
Computational & Information Systems Laboratory
mattp () ucar edu -  303-497-1805


On Thu, Apr 25, 2013 at 9:19 AM, Greg Williams <gwillia5 () uccs edu> wrote:

>  Greg, for strictly log management I would recommend Splunk.   We put our
> Splunk deployment in place last year.  The goal wasn’t event correlation,
> it was log management so we weren’t really looking at a SIEM, such as
> QRadar, Nitro, ArcSight, etc.****
>
> ** **
>
> I put together a log management policy and matrix before I started looking
> at products.  It helped narrow down the products before we started getting
> bids.  I can email it to you if you are interested.  ****
>
> ** **
>
> Greg Williams
> IT Security Principal
> University of Colorado at Colorado Springs
> Website: http://www.uccs.edu/itsecure
> greg.williams () uccs edu****
>
> ** **
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Greg Schmalhofer
> *Sent:* Thursday, April 25, 2013 9:11 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] Event Log Monitoring - Recommendations****
>
> ** **
>
> We do not currently have any product for event log and/or system log
> monitoring, reporting, and alerting, but are about to begin the process of
> reviewing various products to see what might be the best fit for our
> environment, needs, and budget(small). We are a mix of Windows (AD), HP
> Unix, and Linux servers with Exchange and Oracle. Please let me know if you
> are able to recommend any product or solution for monitoring logs and
> providing various reporting and alerting. At the recent Educause Security
> Professionals Conference several individuals had recommended QRadar. Any
> thoughts or feedback on these products and/or any others would be greatly
> appreciated.****
>
> ** **
>
> **-          **QRadar (Q1Labs)****
>
> **-          **What’s Up Log Management Suite (IPswitch)****
>
> **-          **GFI Events Manager (GFI)****
>
> **-          **Event Log Analyzer (ManageEngine)****
>
> **-          **StealthWatch (Lancope)****
>
> **-          **Others****
>
> ** **
>
> Thanks for any and all feedback!****
>
> ** **
>
> Thanks,****
>
> Greg ****
>
> ** **
>
> *Greg Schmalhofer*
>
> Information Security Coordinator****
>
> Millersville University****
>
> ** **