Re: Enterprise Log Management Systems

Subject: Re: Enterprise Log Management Systems
Date: Wed, 25 Apr 2007 12:42:31 -0700
On Wed, Apr 25, 2007 at 07:26:23PM +0530, Tornado wrote:
> Hi All,
>
> I would like to know which are the best Enterprise log management systems
> out there in the market. Both commercial and Open source are fine.
> Here are the requirements:

I've heard splunk [0] works well; if you wanted to go with a FOSS
solution you can always use syslog-ng [1]. Also, this [2] site has a lot
of good information scattered around.

> 1. Log collection from a variety of systems like Windows, Linux, Routers and
> firewalls.

Windows has a utility called snare [3] that can send its events to a central
syslog server.

> 2. Analysis of collected logs and correlation.
>
> 3. Report generation for the activities for standards like ISO 270001
>
> 4. Email/SMS alerts.

For these requirements I use a variety of tools; the one I find
most handy is called SEC [4]. Using that in conjunction with other tools
that can mine logs and generate reports in a digestible format would
IMHO work well.

~ stevo

[0] - http://www.splunk.com/
[1] - http://www.campin.net/syslog-ng/faq.html
[2] - http://www.loganalysis.org/
[3] - http://www.intersectalliance.com/projects/SnareWindows/
[4] - http://www.estpak.ee/~risto/sec/ 
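To make the correlation-and-alert requirement concrete, here is an added example (not from the thread and not SEC's own code) that emulates the logic of SEC's SingleWithThreshold rule type in Python: count events per key inside a sliding time window and raise an alert when a threshold is reached. The sshd log lines, host names and addresses are constructed for the example; the year is assumed because BSD syslog timestamps omit it.

```python
"""Emulation of a SEC SingleWithThreshold rule over syslog lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in BSD syslog format (not real traffic).
SAMPLE_LOG = """\
Apr 25 12:40:01 web1 sshd[2201]: Failed password for root from 10.0.0.5 port 51022 ssh2
Apr 25 12:40:05 web1 sshd[2203]: Failed password for invalid user admin from 10.0.0.5 port 51030 ssh2
Apr 25 12:40:09 web1 sshd[2205]: Failed password for root from 10.0.0.5 port 51041 ssh2
Apr 25 12:40:12 web1 sshd[2207]: Accepted password for alice from 192.168.1.20 port 40022 ssh2
Apr 25 12:40:20 web1 sshd[2209]: Failed password for root from 10.0.0.5 port 51055 ssh2
Apr 25 12:40:44 web1 sshd[2211]: Failed password for root from 10.0.0.5 port 51060 ssh2
Apr 25 12:41:50 web1 sshd[2213]: Failed password for root from 10.0.0.9 port 52000 ssh2
"""

# Equivalent of a SEC "ptype=RegExp" pattern; $2 in SEC terms is the source address.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def parse_ts(ts, year=2007):
    """Syslog timestamps carry no year; 2007 is assumed for the sample."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def correlate(log_text, window=60, thresh=5):
    """Return one alert per source that reaches `thresh` failures within `window` seconds.

    Mirrors SEC's SingleWithThreshold: events are keyed (here by source IP),
    events older than the window are dropped, and the action fires when the
    count reaches the threshold. The key's counter is reset after firing so the
    rule does not fire on every following event.
    """
    seen = defaultdict(deque)
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an event this rule is interested in
        t = parse_ts(m["ts"])
        q = seen[m["src"]]
        q.append(t)
        while q and (t - q[0]).total_seconds() > window:
            q.popleft()  # slide the window
        if len(q) >= thresh:
            alerts.append(f"{m['host']}: {thresh} SSH failures from {m['src']} within {window}s")
            q.clear()
    return alerts
```

In a real deployment the alert string would be handed to SEC's `action=` (for example piping it to a mailer), which is how the "Email/SMS alerts" requirement is met.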
