Re: Logging

Thank you I actually have syslog-ng installed and I am working on install Splunk, thanks for the feed back everyone.
Sent via BlackBerry from T-Mobile

-----Original Message-----
From: securek9 <securek9@xxxxxxxxx>

Date: Mon, 21 Jan 2008 08:43:08
To:infolookup@xxxxxxxxx
Cc:"Krzyston, Randy" <RandyK@xxxxxxxxxxxxx>, listbounce@xxxxxxxxxxxxxxxxx, security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Logging


Are you wanting to purchase or use free products? If you have the money,
as it is expensive but worth it for large environments, the Activeworx
product from Crosstech is an excellent product. You can capture logs for
all types of devices right into a database or databases and it also has
nice reporting for Sox related issues amongst others. They also offer a
nice correlation engine you can purchase with it to correlate attacks. I
think you can trial it for 15 days or so. The only drawbacks is that it
only runs on Windows Server and it is a challenge to set up, but once up
it is really nice.

If you want free, splunk is just ok for viewing logs (not very nice to
look at), or look into adventnet products. They offer free for small
offices. I dont think prices are bad for larger environments either. You
can also always go with syslog-ng to capture and sort log information
centrally then view with free splunk or some other log viewer.

Hope that helps a little!



infolookup@xxxxxxxxx wrote:
I am interested in seeing some feed back on this topic, cause I am looking into doing this too.

Sent via BlackBerry from T-Mobile

-----Original Message-----
From: "Krzyston, Randy" <RandyK@xxxxxxxxxxxxx>

Date: Fri, 18 Jan 2008 10:19:21
To:<security-basics@xxxxxxxxxxxxxxxxx>
Cc:<listbounce@xxxxxxxxxxxxxxxxx>
Subject: Logging


We are looking to implement a syslog server. It needs to not only be
capable of storing logs ,but also detailed reporting for things such as
SOX. I've looked at LogLogic's products. I also heard about Kiwi, but
have not experience with it.

Any comments?


Randy





Relevant Pages

  • Trying to colour syslog-ng logs to ttyv7 but wont work after a reboot
    ... I have a 5.4-STABLE server that I've reconfigured to use syslog-ng ... It collects logs from all our servers and sorts ... I set syslog-ng to log all remote logs to this destination, ... for some reason way beyond me, it *will not work* after a reboot. ...
    (freebsd-questions)
  • Re: [fw-wiz] Handling large log files
    ... Splunk to manage firewall and switch event logs. ... we used it to alert us to switches reporting an ... output of SEC was fed back in to syslog-ng as and represented in Splunk ...  With this volume, logcheck was able to ...
    (Firewall-Wizards)
  • Re: [fw-wiz] syslog and network management
    ... syslogd we were able to handle an order of magnatude more logs ... How was syslog-ng implemented? ... Which debian ... we noticed a LOT of missing logs, when we changed to the default ...
    (Firewall-Wizards)
  • Re: [fw-wiz] syslog and network management
    ... syslogd we were able to handle an order of magnatude more logs ... How was syslog-ng implemented? ... Which debian ... we noticed a LOT of missing logs, when we changed to the default ...
    (Firewall-Wizards)
  • Re: FREE SYSADMIN SEARCH TOOL
    ... Splunk does not throw your logs into one file, ... Some logs are placed in databases or in some sort of archives. ... The log entry wich do care are saved in a email format. ...
    (linux.redhat)
Quantcast