PaulDotCom mailing list archives

your log management tools of choice?


From: rgula at tenablesecurity.com (Ron Gula)
Date: Wed, 10 Jun 2009 06:04:47 -0400

For what it's worth, Tenable shipped a Splunk agent this week so you can feed logs into our system and do anomaly detection, user tracking and other types of correlation.

I also really like the Mandiant Highlighter. We run our tools at a lot of gov't agencies and universities. I've been able to do things like see that there was an anomaly on a certain host and then do a query for that host's DNS records through our logging solution, and then drop this file into Highlighter. You can add more and more complex negative filters to strip away logs you don't care about. In this case I was looking for odd DNS requests and was able to globally remove *gmail.com, *facebook.com, etc.

Ron Gula
Tenable Network Security
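The iterative negative-filter triage Ron describes (dump one host's DNS records, then peel away known-good domains round by round until only the odd requests are left) can be reproduced outside Highlighter. The following is an added example, not code from the post, from Tenable or from Mandiant: it parses a handful of constructed BIND-style query-log lines (hypothetical traffic, not from the thread), applies successive rounds of glob-style negative filters, and reports how many records survive each round along with the remainder an analyst would actually read.

```python
import fnmatch
import re
from dataclasses import dataclass

# Constructed sample lines in the style of a BIND query log.
# The hosts and names are hypothetical and are not taken from the post.
SAMPLE_LOG = """\
10-Jun-2009 06:01:12.001 client 10.1.2.3#53211: query: mail.google.com IN A +
10-Jun-2009 06:01:13.120 client 10.1.2.3#53212: query: www.facebook.com IN A +
10-Jun-2009 06:01:14.004 client 10.1.2.3#53213: query: smtp.gmail.com IN MX +
10-Jun-2009 06:01:15.770 client 10.1.2.3#53214: query: x7f3a9c2e1b.update-check.example IN TXT +
10-Jun-2009 06:01:16.300 client 10.1.2.3#53215: query: time.windows.com IN A +
10-Jun-2009 06:01:17.910 client 10.1.2.3#53216: query: 4a8b1c.cdn.example.net IN A +
"""

# Matches the fields we care about in a BIND query-log line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>[\d.]+)#\d+: query: "
    r"(?P<qname>\S+) IN (?P<qtype>\S+)"
)


@dataclass
class Query:
    ts: str
    client: str
    qname: str
    qtype: str


def parse_dns_log(text):
    """Parse query-log lines into Query records; lines that do not match are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Normalise the name so glob patterns can be written in lower case.
            out.append(Query(m["ts"], m["client"], m["qname"].rstrip(".").lower(), m["qtype"]))
    return out


def apply_negative_filters(queries, patterns):
    """Keep only the queries whose name matches none of the glob patterns."""
    return [q for q in queries
            if not any(fnmatch.fnmatchcase(q.qname, p.lower()) for p in patterns)]


def filter_rounds(queries, rounds):
    """Apply successive rounds of negative filters.

    Returns the record count before filtering and after each round, plus the
    records that survive every round (the ones worth looking at by hand).
    """
    counts = [len(queries)]
    remaining = queries
    for patterns in rounds:
        remaining = apply_negative_filters(remaining, patterns)
        counts.append(len(remaining))
    return counts, remaining


# Each round is one "negative filter" in Highlighter terms; later rounds are
# added as the analyst recognises more traffic they do not care about.
ROUNDS = [
    ["*gmail.com", "*facebook.com", "*google.com"],  # first cut: webmail and social sites
    ["*.windows.com"],                               # second cut: OS update checks
]

if __name__ == "__main__":
    counts, leftovers = filter_rounds(parse_dns_log(SAMPLE_LOG), ROUNDS)
    print("records remaining after each round:", counts)
    for q in leftovers:
        print(f"{q.ts} {q.client} {q.qtype:<4} {q.qname}")
```

One caveat on the glob form used in the post: `*gmail.com` also matches a name such as `notgmail.com`, because `*` is unanchored at a label boundary. Where that precision matters, filter on `*.gmail.com` together with the exact name `gmail.com` instead.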

On 6/5/2009 1:51 PM, Paul Asadoorian wrote:
Splunk was one of those tools that got popular after I left the university. I think we need to do a tech segment on it as it's been highly recommended by many.

Cheers,
Paul

Russell Butturini wrote:
Commercial or open source? For commercial we like Cisco's CS-MARS, but that's a big investment. Free tools, Splunk is pretty darn good.

 

*From:* pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of *Andrew
Anderson
*Sent:* Friday, June 05, 2009 10:20 AM
*To:* PaulDotCom Security Weekly Mailing List
*Subject:* [Pauldotcom] your log management tools of choice?

 

Just trying to wade through the choices...

Looking for recommendations for syslog parsing and management tools (post gathering).


------------------------------------------------------------------------

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com