Re: syslog

From: Ramon Kagan (rkagan_at_yorku.ca)
Date: 09/27/04

    Date: Mon, 27 Sep 2004 12:58:28 -0400 (EDT)
    To: Thomas Harris <tharris@andera.com>
    
    

    Hi,

    I've been using logsurfer for the past 4 years and it is an excellent
    tool. I must be honest though that I'm looking at logsurfer+ right now
    since it adds some much appreciated features. Nonetheless they are the
    same product, just a resurrection. I haven't found a better log parsing
    tool yet. BTW, we scan about 0.4-0.7GB daily in real time.

    Ramon Kagan
    York University, Computing and Network Services
    Information Security - Senior Information Security Analyst
    (416)736-2100 #20263
    rkagan@yorku.ca

    -----------------------------------
    I have not failed. I have just
    found 10,000 ways that don't work.
            - Thomas Edison

    I don't know the secret to success,
    but the secret to failure is
    trying to please everybody.
            - Bill Cosby
    -----------------------------------

    On Fri, 24 Sep 2004, Thomas Harris wrote:

    > Has anyone used logsurfer for this purpose?
    >
    > http://www.crypt.gen.nz/logsurfer/
    >
    >
    >
    > Anich, Ryan L wrote:
    >
    > >I am not sure how in depth you are planning to go with your strategy, but
    > >this is what I am looking at for a solution for my company.
    > >
    > >http://www.arcsight.com/
    > >
    > >
    > >
    > >-----Original Message-----
    > >From: Tran, Nhon [mailto:Nhon.Tran@logicacmg.com]
    > >Sent: Monday, September 20, 2004 2:36 AM
    > >To: security-basics@securityfocus.com
    > >Subject: syslog
    > >
    > >Hi all
    > >One of the companies I support wants to implement a syslog strategy for all
    > >their infrastructure devices.. Unix boxes, windows server, cisco comms
    > >devices. To hopefully capture all the logs, we're talking about lots of
    > >logs, their domain servers log about 300K items a day!.. Unix boxes log
    > >heaps too about 70K per day per server!.. They have around 80 unix servers,
    > >120 windows servers and about 150 comms devices.. Any idea what the best way
    > >to go about this would be, also any suggestions of what log analysis
    > >software to use?
    > >Nhon
    > >
    > >This e-mail and any attachment is for authorised use by the intended
    > >recipient(s) only. It may contain proprietary material, confidential
    > >information and/or be subject to legal privilege. It should not be copied,
    > >disclosed to, retained or used by, any other party. If you are not an
    > >intended recipient then please promptly delete this e-mail and any
    > >attachment and all copies and inform the sender. Thank you.
    > >
    > >---------------------------------------------------------------------------
    > >Computer Forensics Training at the InfoSec Institute. All of our class sizes
    > >are guaranteed to be 12 students or less to facilitate one-on-one
    > >interaction with one of our expert instructors. Gain the in-demand skills of
    > >a certified computer examiner, learn to recover trace data left behind by
    > >fraud, theft, and cybercrime perpetrators. Discover the source of computer
    > >crime and abuse so that it never happens again.
    > >
    > >http://www.infosecinstitute.com/courses/computer_forensics_training.html
    > >----------------------------------------------------------------------------