OSSIM or prelude will do the needful.. isnt it???
Sumit
On 9/27/05, infosecadmin <infosecadmin@comcast.net> wrote:
SNARE has been a great tool for getting the unholy windows servers to report
to syslog :-). As for the analysis portions, I've replied more on regex
tools, perl, SWATCH and the likes.
Not much you cant do with the tools already out there, unless you are
looking for full automation and correlations. If anyone finds one that does
complete correlation, statistical / historical trending, and can reboot
servers, let me know :-P.
----- Original Message -----
From: "Ronnie Miller" <rbmiller12@gmail.com>
To: <ivanhec@gmail.com>
Cc: "Todd Troxell" <ttroxell@debian.org>; <bhawesh77@yahoo.com>;
<security-basics@securityfocus.com>
Sent: Friday, September 09, 2005 10:51 AM
Subject: Re: Log Analyzer Tool
I don't think I've seen Snare from http://www.intersectalliance.com/
mentioned. This is one of the ones I'm considering. Is anyone else
using this? It has an Open Source side, and they also have an
appliance.
Ronnie
On 9/8/05, Ivan . <ivanhec@gmail.com> wrote:
check out http://www.loganalysis.org/
cheers
Ivan
On 9/8/05, Todd Troxell <ttroxell@debian.org> wrote:
On Fri, Sep 02, 2005 at 03:42:21PM -0000, bhawesh77@yahoo.com wrote:
Hello List!
We currently review security logs from various applications and
systems. We are looking for a log analyzer tool that can read the logs
from various formats and analyze the logs based on the criteria we
provide. We want this software to send alerts, provide executive
reports etc. Do you know of some good security log analyzer tools. Any
help would be appreciated.
Logcheck is a simple solution if you speak regex.
--
[ Todd J. Troxell ,''`.
Student, Debian GNU/Linux Developer, SysAdmin, Geek : :' :
http://debian.org || http://rapidpacket.com/~xtat `. `'
`- ]
--
Sumit Siddharth
Btech--IIT Kanpur
