
List:       security-basics
Subject:    Re: Log Analyzer Tool
From:       Sumit Siddharth <sumit.siddharth () gmail ! com>
Date:       2005-09-28 5:19:29
Message-ID: 489d2f3005092722073fbad42 () mail ! gmail ! com

OSSIM or Prelude will do the needful... isn't it???
Sumit


On 9/27/05, infosecadmin <infosecadmin@comcast.net> wrote:
> SNARE has been a great tool for getting the unholy Windows servers to report
> to syslog :-).  As for the analysis portions, I've replied more on regex
> tools, Perl, SWATCH and the likes.
>
> Not much you can't do with the tools already out there, unless you are
> looking for full automation and correlations. If anyone finds one that does
> complete correlation, statistical / historical trending, and can reboot
> servers, let me know :-P.
>
>
> ----- Original Message -----
> From: "Ronnie Miller" <rbmiller12@gmail.com>
> To: <ivanhec@gmail.com>
> Cc: "Todd Troxell" <ttroxell@debian.org>; <bhawesh77@yahoo.com>;
> <security-basics@securityfocus.com>
> Sent: Friday, September 09, 2005 10:51 AM
> Subject: Re: Log Analyzer Tool
>
>
> I don't think I've seen Snare from http://www.intersectalliance.com/
> mentioned. This is one of the ones I'm considering. Is anyone else
> using this? It has an Open Source side, and they also have an
> appliance.
>
> Ronnie
>
>
> On 9/8/05, Ivan . <ivanhec@gmail.com> wrote:
> > check out http://www.loganalysis.org/
> >
> > cheers
> > Ivan
> >
> > On 9/8/05, Todd Troxell <ttroxell@debian.org> wrote:
> > > On Fri, Sep 02, 2005 at 03:42:21PM -0000, bhawesh77@yahoo.com wrote:
> > > > Hello List!
> > > > We currently review security logs from various applications and
> > > > systems. We are looking for a log analyzer tool that can read the logs
> > > > from various formats and analyze the logs based on the criteria we
> > > > provide. We want this software to send alerts, provide executive
> > > > reports etc. Do you know of some good security log analyzer tools? Any
> > > > help would be appreciated.
> > >
> > > Logcheck is a simple solution if you speak regex.
> > >
> > > --
> > > [   Todd J. Troxell                                         ,''`.
> > >       Student, Debian GNU/Linux Developer, SysAdmin, Geek  : :' :
> > >       http://debian.org || http://rapidpacket.com/~xtat    `. `'
> > >                                                              `-     ]
> > >
> >
>
>
>


--
Sumit Siddharth
Btech--IIT Kanpur
