SNARE has been a great tool for getting the unholy windows servers to report
to syslog :-). As for the analysis portions, I've replied more on regex
tools, perl, SWATCH and the likes.
Not much you cant do with the tools already out there, unless you are
looking for full automation and correlations. If anyone finds one that does
complete correlation, statistical / historical trending, and can reboot
servers, let me know :-P.
----- Original Message -----
From: "Ronnie Miller" <rbmiller12@gmail.com>
To: <ivanhec@gmail.com>
Cc: "Todd Troxell" <ttroxell@debian.org>; <bhawesh77@yahoo.com>;
<security-basics@securityfocus.com>
Sent: Friday, September 09, 2005 10:51 AM
Subject: Re: Log Analyzer Tool
I don't think I've seen Snare from http://www.intersectalliance.com/
mentioned. This is one of the ones I'm considering. Is anyone else
using this? It has an Open Source side, and they also have an
appliance.
Ronnie
On 9/8/05, Ivan . <ivanhec@gmail.com> wrote:
check out http://www.loganalysis.org/
cheers
Ivan
On 9/8/05, Todd Troxell <ttroxell@debian.org> wrote:
> On Fri, Sep 02, 2005 at 03:42:21PM -0000, bhawesh77@yahoo.com wrote:
> > Hello List!
> > We currently review security logs from various applications and
> > systems. We are looking for a log analyzer tool that can read the logs
> > from various formats and analyze the logs based on the criteria we
> > provide. We want this software to send alerts, provide executive
> > reports etc. Do you know of some good security log analyzer tools. Any
> > help would be appreciated.
>
> Logcheck is a simple solution if you speak regex.
>
> --
> [ Todd J. Troxell ,''`.
> Student, Debian GNU/Linux Developer, SysAdmin, Geek : :' :
> http://debian.org || http://rapidpacket.com/~xtat `. `'
> `- ]
>
