PaulDotCom mailing list archives
Re: Looking for some event and security log monitoring software
From: anthony kasza <anthony.kasza () gmail com>
Date: Tue, 10 Jul 2012 17:56:25 -0500
I second the Splunk suggestion. You can collect events via WMI - no agents necessary. OSSEC is a great option as well, but it'll require agents and a Linux machine for managing agents.

-AK

On Tue, Jul 10, 2012 at 4:10 PM, Bigger Thomas <udiggity () gmail com> wrote:
You can look at Splunk; depending on the size of your environment you can get by without agents. There is a lot of setup with Splunk and it can get intimidating, but I have found it to often be the best solution out there. There is a free download that handles 500 megs of logs a day and you can reach out to their sales dept for a temp enterprise license that will allow more.

Just my two cents.

Please excuse typos, I'm on my mobile

On Jul 10, 2012, at 17:06, Brian Schultz <theconqueror () gmail com> wrote:

So I recently started a new job at a small-ish hospital and was tasked with setting up something that can audit security logs. It sounds and is pretty vague, but this is for HIPAA compliance. I'm more of an infrastructure guy and haven't had a chance to deal with security much and my only exposure is really through the podcast. I have no idea what products are out there to do these things.

The environment here is about 99.99% Windows. I was taking a look at Solarwinds Log and Event Manager which looks pretty good so far, but it also requires an agent to be installed on any machines you want to monitor which can be a hassle. Is there anything else that I should be taking a look at? GFI Events Manager or some open-source solution?

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com