List: security-basics
Subject: Re: Log Analyzer Tool
From: Sumit Siddharth <sumit.siddharth () gmail ! com>
Date: 2005-09-28 5:19:29
Message-ID: 489d2f3005092722073fbad42 () mail ! gmail ! com
OSSIM or Prelude will do the needful.. isn't it???
Sumit
On 9/27/05, infosecadmin <infosecadmin@comcast.net> wrote:
> SNARE has been a great tool for getting the unholy Windows servers to report
> to syslog :-). As for the analysis portions, I've relied more on regex
> tools, Perl, SWATCH and the likes.
>
> Not much you can't do with the tools already out there, unless you are
> looking for full automation and correlations. If anyone finds one that does
> complete correlation, statistical / historical trending, and can reboot
> servers, let me know :-P.
>
>
> ----- Original Message -----
> From: "Ronnie Miller" <rbmiller12@gmail.com>
> To: <ivanhec@gmail.com>
> Cc: "Todd Troxell" <ttroxell@debian.org>; <bhawesh77@yahoo.com>;
> <security-basics@securityfocus.com>
> Sent: Friday, September 09, 2005 10:51 AM
> Subject: Re: Log Analyzer Tool
>
>
> I don't think I've seen Snare from http://www.intersectalliance.com/
> mentioned. This is one of the ones I'm considering. Is anyone else
> using this? It has an Open Source side, and they also have an
> appliance.
>
> Ronnie
>
>
> On 9/8/05, Ivan . <ivanhec@gmail.com> wrote:
> > check out http://www.loganalysis.org/
> >
> > cheers
> > Ivan
> >
> > On 9/8/05, Todd Troxell <ttroxell@debian.org> wrote:
> > > On Fri, Sep 02, 2005 at 03:42:21PM -0000, bhawesh77@yahoo.com wrote:
> > > > Hello List!
> > > > We currently review security logs from various applications and
> > > > systems. We are looking for a log analyzer tool that can read the logs
> > > > from various formats and analyze the logs based on the criteria we
> > > > provide. We want this software to send alerts, provide executive
> > > > reports etc. Do you know of some good security log analyzer tools? Any
> > > > help would be appreciated.
> > >
> > > Logcheck is a simple solution if you speak regex.
> > >
> > > --
> > > [ Todd J. Troxell ,''`.
> > > Student, Debian GNU/Linux Developer, SysAdmin, Geek : :' :
> > > http://debian.org || http://rapidpacket.com/~xtat `. `'
> > > `- ]
> > >
> >
>
>
>
--
Sumit Siddharth
Btech--IIT Kanpur