Network management [seems to me to be] the original term used for
proactively interpreting log data and SNMP data which was collected
across networked connections. Alas, I am not a true historian.

Cheers,
-Mike Slifcak, working for Guardent, Inc.

> -----Original Message-----
> From: Tina Bird [mailto:tbird@precision-guesswork.com]
> Sent: Wednesday, March 13, 2002 11:59 AM
> To: n gold
> Cc: Sweth Chandramouli; loganalysisat_private
> Subject: Re: [logs] Sentry/Counterpane how is it working ?
>
>
> Thanks Sweth, Faron, for your answers. I'll just
> add that yes, the Sentry is completely passive -- we
> work with our customers to get their network devices
> forwarding to us over syslog, SNMP and SMTP. The
> Sentry doesn't take any of the various encrypted
> flavors of syslog at this point, mostly from lack of
> customer demand.
>
> Sweth spotted my least favorite bit of our current
> Web site descriptions. "Network monitoring" as described
> below -- or as used by Bruce once too often in his
> copious public speaking -- doesn't mean what we the
> geeks mean by "network monitoring". Bruce means,
> collecting and processing all the log files produced
> on your network. What the rest of the world means,
> of course, is sniffing packets and detecting evil...
> I've been trying to come up with a more effective
> phrase than "network wide log file collection and
> analysis" so I can eliminate "network monitoring"
> from the doc, but no luck so far. Suggestions
> gleefully accepted.
>
> What >do< we call what we do?
>
> On Tue, 12 Mar 2002, n gold wrote:
>
> > The Counterpane Sentry is a "passive" monitoring appliance in that it
> > "listens" to devices that are configured to send their logs or alerts or
> > traps to the Sentry...That is to say, the Sentry does not do "sniffing".
> > their knowledge of the customer's network, current attacks, etc..
> >
> > <aggressive clipping>
> >
> > The Sentry uses an outbound SSL connection to set up an encrypted tunnel
> > from it to the remote monitoring centers..And it is a little more than just
> > a straight SSL connection (after all, the CTO is himself a
> > cryptographer-extraordinaire, non?).
> >
> > HTH,
> > n gold
> >
> > ----- Original Message -----
> > From: "Sweth Chandramouli" <loganalysisat_private>
> > To: <loganalysisat_private>
> > Sent: Tuesday, March 12, 2002 4:00 PM
> > Subject: Re: [logs] Sentry/Counterpane how is it working ?
> >
> > > That conflicts with what it says at:
> > > > (check out Question 7 : http://www.counterpane.com/questions.html)
> > > , however, now that I look at that link:
> > > "Counterpane's business model works because network monitoring is
> > > fundamentally better than device monitoring" _does_ imply pretty
> > > strongly that they don't gather data from routers, switches, servers,
> > > etc. Either that piece of marketing was written by someone who is
> > > using "device monitoring" to mean something different (I do notice that
> > > earlier in the same section they use the phrase "device monitoring/
> > > management", so perhaps they are just trying to emphasize that they
> > > only monitor things--they aren't like some companies whose business
> > > model was to actually go in and manage devices as part of their security
> > > services), or things have changed greatly.
> > >
> > > > - How the device handles encrypted connection (like SSL/TLS, SSH...) ?
> > > > - Maybe you can store private key on the sentry box ? (maybe quite
> > > > dangerous
> > > I'm not sure I understand these questions; could you
> > > clarify them?
> > >
> > > > - So with this type of system where can you get the system log for
> > > > example ? (Event log and audit log from WIN32 ? Specific application
> > > > log ?)
> > > Again, as of last year, all of this info would be
> > > redirected to the sentries just like syslog info would be.
> > >
> > > > - Another question : Is it possible to get the software of sentry ?
> > > > Or having a technical overview of the software ?
> > > There's a whole lot of proprietary stuff on those boxes
> > > that I don't think they'd want to give away to competitors. :) I'm
> > > sure if you had specific questions, though, their sales folks could
> > > get you the appropriate info.
> > >
> > > -- Sweth.
> > >
> > > --
> > > Sweth Chandramouli ; <svcat_private>
> > > President, Idiopathic Systems Consulting
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: loganalysis-unsubscribeat_private
> > > For additional commands, e-mail: loganalysis-helpat_private

This archive was generated by hypermail 2b30 : Wed Mar 13 2002 - 19:04:53 PST