Educause Security Discussion mailing list archives
Re: Event Log Monitoring - Recommendations
From: Matt Pasiewicz <autodidactic.one () GMAIL COM>
Date: Thu, 25 Apr 2013 09:39:22 -0600
Hey Greg, I'd be really interested in getting my hands on it. I've had a long running interest in Splunk. For a lower cost alternative, I've also heard good things about a combination of logstash and elasticsearch. Bro ( bro.org) is something being deployed at NCAR and it is also beginning to pique my interest as well. Thanks! Matt Pasiewicz, Group Head, Web Engineering National Center for Atmospheric Research Computational & Information Systems Laboratory mattp () ucar edu - 303-497-1805 On Thu, Apr 25, 2013 at 9:19 AM, Greg Williams <gwillia5 () uccs edu> wrote:
Greg, for strictly log management I would recommend Splunk. We put our Splunk deployment in place last year. The goal wasn’t event correlation, it was log management so we weren’t really looking at a SIEM, such as QRadar, Nitro, ArcSight, etc.**** ** ** I put together a log management policy and matrix before I started looking at products. It helped narrow down the products before we started getting bids. I can email it to you if you are interested. **** ** ** Greg Williams IT Security Principal University of Colorado at Colorado Springs Website: http://www.uccs.edu/itsecure greg.williams () uccs edu**** ** ** *From:* The EDUCAUSE Security Constituent Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Greg Schmalhofer *Sent:* Thursday, April 25, 2013 9:11 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] Event Log Monitoring - Recommendations**** ** ** We do not currently have any product for event log and/or system log monitoring, reporting, and alerting, but are about to begin the process of reviewing various products to see what might be the best fit for our environment, needs, and budget(small). We are a mix of Windows (AD), HP Unix, and Linux servers with Exchange and Oracle. Please let me know if you are able to recommend any product or solution for monitoring logs and providing various reporting and alerting. At the recent Educause Security Professionals Conference several individuals had recommended QRadar. Any thoughts or feedback on these products and/or any others would be greatly appreciated.**** ** ** **- **QRadar (Q1Labs)**** **- **What’s Up Log Management Suite (IPswitch)**** **- **GFI Events Manager (GFI)**** **- **Event Log Analyzer (ManageEngine)**** **- **StealthWatch (Lancope)**** **- **Others**** ** ** Thanks for any and all feedback!**** ** ** Thanks,**** Greg **** ** ** *Greg Schmalhofer* Information Security Coordinator**** Millersville University**** ** **
Current thread:
- Event Log Monitoring - Recommendations Greg Schmalhofer (Apr 25)
- Re: Event Log Monitoring - Recommendations Greg Williams (Apr 25)
- Re: Event Log Monitoring - Recommendations Matt Pasiewicz (Apr 25)
- Re: Event Log Monitoring - Recommendations Kevin Wilcox (Apr 25)
- Re: Event Log Monitoring - Recommendations William C. Moore (Apr 25)
- Re: Event Log Monitoring - Recommendations Matt Pasiewicz (Apr 25)
- Re: Event Log Monitoring - Recommendations David Gillett (Apr 25)
- Re: Event Log Monitoring - Recommendations Patrick Gorsuch (Apr 25)
- Re: Event Log Monitoring - Recommendations Matt Pasiewicz (Apr 25)
- Re: Event Log Monitoring - Recommendations Greg Williams (Apr 25)
- Re: Event Log Monitoring - Recommendations William C. Moore (Apr 25)
- Re: Event Log Monitoring - Recommendations Bradley, Stephen (Apr 25)
- Re: Event Log Monitoring - Recommendations Greg Williams (Apr 25)