RE: [logs] Sentry/Counterpane how is it working ?

From: John Campbell (jcampbellat_private)
Date: Thu Mar 14 2002 - 08:28:47 PST


    How about 'Enterprise Log Management' or 'Centralized Log Management'?
    May sound a bit corporate, but that's what we're trying to do.
    
    John Campbell, GCWN
    Information Security Engineer
    Washington School Information Processing Cooperative
    (WSIPC)
    
    -----Original Message-----
    From: Tina Bird [mailto:tbird@precision-guesswork.com] 
    Sent: Wednesday, March 13, 2002 8:59 AM
    To: n gold
    Cc: Sweth Chandramouli; loganalysisat_private
    Subject: Re: [logs] Sentry/Counterpane how is it working ?
    
    
    Thanks Sweth, Faron, for your answers.  I'll just
    add that yes, the Sentry is completely passive -- we
    work with our customers to get their network devices
    forwarding to us over syslog, SNMP and SMTP.  The
    Sentry doesn't take any of the various encrypted 
    flavors of syslog at this point, mostly from lack of
    customer demand.
    
    Sweth spotted my least favorite bit of our current 
    Web site descriptions.  "Network monitoring" as described
    below -- or as used by Bruce once too often in his
    copious public speaking -- doesn't mean what we the
    geeks mean by "network monitoring".  Bruce means, 
    collecting and processing all the log files produced
    on your network.  What the rest of the world means, 
    of course, is sniffing packets and detecting evil...
    I've been trying to come up with a more effective
    phrase than "network wide log file collection and
    analysis" so I can eliminate "network monitoring"
    from the doc, but no luck so far.  Suggestions
    gleefully accepted.
    
    What >do< we call what we do?
    
    On Tue, 12 Mar 2002, n gold wrote:
    
    > The Counterpane Sentry is a "passive" monitoring appliance in that it 
    > "listens" to devices that are configured to send their logs or alerts 
    > or traps to the Sentry...That is to say, the Sentry does not do 
    > "sniffing". their knowledge of the customer's network, current 
    > attacks, etc..
    
    <aggressive clipping>
    
    > 
    > The Sentry uses an outbound SSL connection to set up an encrypted 
    > tunnel from it to the remote monitoring centers..And it is a little 
    > more than just a straight SSL connection (after all, the CTO is 
    > himself a cryptographer-extraordinaire, non?).
    > 
    > HTH,
    > n gold
    
    > ----- Original Message -----
    > From: "Sweth Chandramouli" <loganalysisat_private>
    > To: <loganalysisat_private>
    > Sent: Tuesday, March 12, 2002 4:00 PM
    > Subject: Re: [logs] Sentry/Counterpane how is it working ?
    > 
    > > That conflicts with what it says at:
    > > >   (check out Question 7 : 
    > > > http://www.counterpane.com/questions.html)
    > > , however, now that I look at that link:
    > > "Counterpane's business model works because network monitoring is 
    > > fundamentally better than device monitoring" _does_ imply pretty 
    > > strongly that they don't gather data from routers, switches, 
    > > servers, etc.  Either that piece of marketing was written by someone
    > > who is using "device monitoring" to mean something different (I do 
    > > notice that earlier in the same section they use the phrase "device 
    > > monitoring/ management", so perhaps they are just trying to 
    > > emphasize that they only monitor things--they aren't like some 
    > > companies whose business model was to actually go in and manage 
    > > devices as part of their security services), or things have changed 
    > > greatly.
    > >
    > > >  - How the device handles encrypted connection (like SSL/TLS, 
    > > > SSH...) ?
    > > >  - Maybe you can store a private key on the sentry box ? (maybe quite
    > > > dangerous
    > > I'm not sure I understand these questions; could you clarify them?
    > >
    > > > - So with this type of system where can you get the system log for
    > > > example ? (Event log and audit log from WIN32 ? Specific 
    > > > application log ?)
    > > Again, as of last year, all of this info would be redirected to the 
    > > sentries just like syslog info would be.
    > >
    > > > - Another question : Is it possible to get the software of sentry 
    > > > ? Or having a technical overview of the software ?
    > > There's a whole lot of proprietary stuff on those boxes that I don't
    > > think they'd want to give away to competitors. :)  I'm sure if you 
    > > had specific questions, though, their sales folks could get you the 
    > > appropriate info.
    > >
    > > -- Sweth.
    > >
    > > --
    > > Sweth Chandramouli ; <svcat_private>
    > > President, Idiopathic Systems Consulting
    > >
    > > --------------------------------------------------------------------
    > > -
    > > To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    > > For additional commands, e-mail: loganalysis-helpat_private
    > >
    > >
    > 
    > 
    > 
    
    
    
    
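    The thread describes the Sentry as a purely passive collector: devices are
    told to forward syslog to it and it never touches them. The block below is
    an added example written for this archive page, not Counterpane's code and
    not anything from the Sentry; it shows the smallest useful version of that
    listener, a UDP/514 receiver that decodes BSD syslog (RFC 3164) datagrams
    into facility, severity, timestamp, host, tag, pid and message, and that
    keeps rather than drops the malformed messages a real network produces
    (missing or out-of-range PRI, no header, vendor formats with no tag). The
    sample datagrams, hostnames and addresses in it are constructed for the
    example; the listener address, port and buffer size are assumptions.

```python
"""Passive RFC 3164 (BSD syslog) collector: listen, decode, never drop."""
import re
import socket
from dataclasses import dataclass
from typing import List, Optional

# RFC 3164 facility (PRI >> 3) and severity (PRI & 7) names, by code.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

_PRI_RE = re.compile(r"^<(\d{1,3})>")
# "Mmm dd hh:mm:ss HOSTNAME rest" (day may be space-padded); no year, no zone.
_HEADER_RE = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)
# "tag[pid]: message" or "tag: message" as most Unix daemons send it.
_TAG_RE = re.compile(r"^([A-Za-z0-9_./-]+)(?:\[(\d+)\])?:\s?(.*)$", re.S)


@dataclass
class SyslogRecord:
    facility: str
    severity: str
    timestamp: Optional[str]   # as sent by the device
    host: Optional[str]        # HOSTNAME field, or the sender's address if absent
    tag: Optional[str]
    pid: Optional[int]
    message: str
    well_formed: bool          # False if PRI or HEADER had to be synthesised


def parse_syslog(raw: bytes, source_host: str = "unknown") -> SyslogRecord:
    """Decode one datagram. Never raises: a collector must keep malformed
    messages rather than drop them, since those are often the interesting ones."""
    text = raw.decode("utf-8", errors="replace").rstrip("\r\n")
    well_formed = True
    m = _PRI_RE.match(text)
    if m and int(m.group(1)) <= 191:          # 23 facilities * 8 severities - 1
        pri, rest = int(m.group(1)), text[m.end():]
    else:
        # RFC 3164 4.3.3: no valid PRI -> treat as <13> (user.notice), keep payload
        pri, rest, well_formed = 13, text, False
    facility, severity = FACILITIES[pri >> 3], SEVERITIES[pri & 7]

    h = _HEADER_RE.match(rest)
    if h:
        timestamp, host, body = h.group(1), h.group(2), h.group(3)
    else:
        # RFC 3164 4.3.2: no valid HEADER -> the relay fills in the sender's address
        timestamp, host, body, well_formed = None, source_host, rest, False

    t = _TAG_RE.match(body)
    if t:
        tag = t.group(1)
        pid = int(t.group(2)) if t.group(2) else None
        message = t.group(3)
    else:
        tag, pid, message = None, None, body   # e.g. Cisco "%SYS-5-..." has no tag
    return SyslogRecord(facility, severity, timestamp, host, tag, pid, message, well_formed)


def serve(bind: str = "0.0.0.0", port: int = 514) -> None:
    """Passive listener (assumed address/port): the collector never touches the sources."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        while True:
            data, (src, _) = sock.recvfrom(8192)
            rec = parse_syslog(data, src)
            print(f"{rec.host} {rec.facility}.{rec.severity} {rec.tag or '-'}: {rec.message}")


# Constructed sample datagrams for the example; not captured from any real device.
SAMPLES = [
    b"<34>Mar 13 08:59:01 fw1 sshd[2231]: Failed password for root from 10.0.0.5 port 4433 ssh2\n",
    b"<190>Mar 13 08:59:02 rtr1 %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.9)",
    b"no PRI at all: an appliance that sends bare text",
    b"<999>Mar 13 08:59:03 bad1 foo: PRI out of range",
]


def parse_samples() -> List[SyslogRecord]:
    """Run the decoder over SAMPLES as if they arrived from 192.0.2.10 (constructed)."""
    return [parse_syslog(s, "192.0.2.10") for s in SAMPLES]


if __name__ == "__main__":
    for r in parse_samples():
        flag = "" if r.well_formed else "  [malformed, fields synthesised]"
        print(f"{r.host} {r.facility}.{r.severity} {r.tag or '-'}: {r.message}{flag}")
```

    Run as a script it decodes the four constructed samples; call `serve()`
    to bind the listener (port 514 needs root, so use a high port for a trial).
    Note the two design choices that matter for a collector rather than a
    parser: nothing is ever discarded, and the `well_formed` flag marks the
    records whose PRI or host was synthesised, so later analysis can tell a
    device's own claim from a value the collector filled in.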
    



    This archive was generated by hypermail 2b30 : Thu Mar 14 2002 - 09:05:09 PST