[logs] Oracle IDS

From: Pete Finnigan (peteat_private)
Date: Tue Sep 18 2001 - 02:44:39 PDT

    Hi
    
    I am replying to my own original post on Oracle logging to say apart
    from one person who emailed me privately no one expressed any interest
    in Oracle log analysis or IDS tools. I don't know if this is because
    there is a lack of interest in Oracle security or because there is
    genuinely nothing out there.
    
    I have seen quite a lot of interest in Oracle security recently and I
    could not find anything myself on Oracle IDSs or log analysis so I have
    decided that I think it's the latter and I have decided to write an
    Oracle IDS myself. I don't know what the licensing will be at this stage,
    or whether it will be free or commercial, but I have a design and I
    started coding a few days ago.
    
    As I am in the early stages I was hoping for some input from the experts
    who frequent this list as to what features they feel would be important
    in a purely database IDS, built to run inside a database and to monitor
    only a database for attacks or intrusions.
    
    The functionality will reside in a separate database and is being
    written in PL/SQL and could if needed be run in the database being
    monitored (not a good idea). This will mean it is truly platform
    independent as it resides inside Oracle. Not sure about an interface
    (GUI) yet, maybe Java based. It will collect the standard audit trail
    and act in real time, or delayed (you choose) on records coming in; it
    will also collect various other information at intervals of the user's
    choosing. The signatures will be easy to define and be stored in the
    database encrypted.
    
    Any comments will be most welcome even if it's to say I am wasting my
    time.
    
    thanks in advance
    
    Pete
    
    -- 
    Pete Finnigan
    IT Security Consultant
    PenTest Limited
    
    Office  01565 830 990
    Fax     01565 830 889
    Mobile  07974 087 885
    
    pete.finnigan@pentest-limited.com
    
    www.pentest-limited.com
    
    



    This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 09:52:30 PDT