Re: central firewall auditing software

[Luciano Notarfrancesco <core.lists.firewall-wizards () core-sdi com>]

Larry,
We at Core-SDI are working in such a tool. It's part of the ALAT
(Advanced Logging and Auditing Techniques) project. If you are
interested on betatesting this, please tell me. There will be a beta
soon (within this month, I believe). The beta version will include
support for syslog logs, and adding support for other logs is intended
to be very easy.

Luciano.-

Ogrodnek, Larry wrote:
> Hey, I've been asked to come up with a system that will centralize logging
> information from a bunch of firewalls and store it in a single database
> somewhere so that later people can search/access it from another app or the
> web or whatever.  The firewall machines are running different operating
> systems and the firewalls themselves are from different vendors.
>
> Is there currently a product out there that can just take arbitrary logging
> information (in case a year from now we want to do the same thing with the
> web servers) and centralize it to a database or machine securely?
>
> I haven't found anything out there that meets all of our needs.  There have
> been a few products that only work with a certain firewall, and many more
> products that only work with Windows NT events, etc...
>
> If anyone has seen/heard of any such system or has come across a similar
> need, I would appreciate any pointers you could give.
>
> thanks,
> larry
>
> Larry.Ogrodnek () dowjones com