Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Event Log Monitor Program

from [scott] Network Security [Permanent Link]
Subject: Re: Event Log Monitor Program
Date: Fri, 21 Sep 2007 02:24:25 -0400 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ossec is actually a very good HIDS logging-event notifier.

You can change any log notifications using simple XML rulesets.It is
really easy to configure ( server=agent ).
All logs you want can written easily (no API's).Just simple XML.They
can be sent to any address you specify.

Sometimes there is a problem with simple SMTP because the OSSEC
drivers use their own mailer.This can be a problem if not configured
correctly.

Surely, you can configure your own POP and SMTP.

Excellent for our needs.

Cheers,  Redwolves rule


Kurt Buff wrote:

On each server, I'd place either the Snare client
(http://www.intersectalliance.com - it's open source) or evtsys
(google for it, I don't have the URL handy) - these format the
events and send them out via syslog. To collect the logs, it
depends on what you want to do, but the Kiwi syslog server is free
or damn cheap (the free version won't log to ODBC or do a couple of
other useful things, the pay version will, and last I looked, the
pay version was around US$100.00) and really good, or set up a *nix
box (I like FreeBSD) .

As a possible alternative, OSSEC might be worth your while.
http://www.ossec.org - it's a HIDS package that seems very
interesting, though I haven't had time to play with it yet.

Kurt

On 9/20/07, Adam Savage <Adam_Savage@skillsoft.com> wrote:

I'm looking for a good event log program that can consolidate all
my event logs from my servers into one location. Then I can
report on them and such. We purchased GFI Security Event Log
Monitor but we find the program cumbersome at best and doesn't
give you any insight on some of the event messages that are
produced. I'd like to know if there is a freeware/opensource
solution. I know GFI has recently come out with the Successor to
SELM called EventsManager but we'd like to look into some other
products that are out there first.

Any replies would be greatly appreciated.

Thank you,

Adam





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG82OYsrt057ENXO4RAnzbAJ9R3sw43twTgARVTSfb8bEJwFYfYACgiOMD
dou1UBoK6Sloe+VESURbtpE=
=mqh1
-----END PGP SIGNATURE-----
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Very strange nmap scan results, infos3c
Next by Date:  RE: Blocking hack attempts from foreign countries..., Rapley, Michael
Previous by Thread:  Re: Event Log Monitor Program, Kurt Buff
Next by Thread:  RE: Event Log Monitor Program, Roger Onken
Indexes:  [Date] [Thread] [Top] [All Lists]