RE: syslog management
From: Garbrecht, Frederick (FGarbrecht@ecogchair.org)Date: 06/19/02
- Previous message: Brian Laing: "RE: IDS Players?"
- Maybe in reply to: Wang, Jack: "syslog management"
- Next in thread: Rich Hart: "Re: syslog management"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Garbrecht, Frederick" <FGarbrecht@ecogchair.org> To: "'Wang, Jack'" <Wang@Security-Card.com>, focus-ids@lists.securityfocus.com Date: Wed, 19 Jun 2002 12:33:30 -0400
I use the Winsyslog group of products with success to do everything you've
specified in your list. Winsyslog can log to a database or multiple
databases for files according to your specifications, and it can alert you
in a number of ways (including email), also according to whatever
specifications you supply. It records the original source by IP and can
also do name resolution if you want, and will timestamp and notify you of
the syslog facility and priority settings as well. The companion product
EventReporter can implement syslog reporting of event log activity in
windows systems, so anything that gets sent to the windows event logs can be
sent to your central syslog demon. Monilog can go through your collected
winsyslog datafiles and produce reports for you as well. Personally, we use
monilog for producing quick and dirty reports, and MS Access for doing more
complex analysis of the datafiles. One limitation of monilog at this point
is that is produces reports from syslog messages sent by EventReporter only;
therefore, if you have routers, etc that you are collecting from, you'll
need another way to analyze them (using an external database is how I do
it). I have no affiliation with Adiscon; just a happy user - I think
they've put together a really nice suite of programs that work well and fill
a niche in the Windows world that is otherwise poorly represented. I've
also used Kiwi, which I also like, but the suite of programs from Adiscon
has more overall capability and is easier to set up quickly (at least in my
fumbling hands).
Best,
Fred Garbrecht
-----Original Message-----
From: Wang, Jack [mailto:Wang@Security-Card.com]
Sent: Wednesday, June 19, 2002 11:05 AM
To: focus-ids@lists.securityfocus.com
Subject: syslog management
Hi all:
Is there a good software to manage the huge amount of syslog generated by
Network equipment, IDS etc?
I have tested Kiwi syslog, winsyslog, syslogd.exe etc. In my opinion, the
ideal one should be as following:
--able to classify the log according to source
--able to save into file (.txt, or db)
--able to set up the rows of display
--able to send email message
Or any further comments will be appreciated.
Best Regards,
Jack
- Previous message: Brian Laing: "RE: IDS Players?"
- Maybe in reply to: Wang, Jack: "syslog management"
- Next in thread: Rich Hart: "Re: syslog management"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
