On Jun 13, 2006, at 1:24 PM, Jeff Dell wrote:
Good luck, I'm afraid there basically aren't any. There is
the Honeynet
Security Console and a Perl script called FISQ which is used to
import
log data into the HSC database, but I didn't have much luck with it.
For example, the name of the table my firewall data was stored in was
longer than 16 characters, which violated an undocumented requirement
for HSC to be able read data from it. A cheap alternative is
FireGen,
which runs about $200. It produces pretty good reports, but isn't
customizable.
Thats a funny comment given that a very large search engine company
does their own log file analysis using an inhouse tweaked open source
application. And no, I'm not going to say who or what since it is not
clear to me what exactly the NDA during the interview covered. So I
have to disagree with the comment "there arent any". There some good
ones IF you will put in the time and effort to dial it into your needs.
Firegen is so-so. I used it for about a year on PIX firewalls and
while it worked most of the time, it was picky about how the server
was set up. It does not like terminal servers much which caused some
pain.
mikesweeney@packetattack.com
www.packetattack.com
Home of "Network Security using Linux"
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
