Thanks Matthew,

Yes, the best solution is almost always a custom program using, as you say, in this case the benefits @syslog can bring. But you'll agree that a custom program has some disadvantages. I'm thinking of cost (money and time), integration, etc. But the real problem is that we are struggling in a heterogeneous environment (syslog is so dependent on the platform); the log formats are not standard: the log generated by a firewall is different from the log generated by a web server, and I can think of other custom programs where it could be harder to get logs. Apart from this, we need to be able to separate the logs we want from all the logs. This is not a simple task and it is difficult (expensive) to develop a program for this matter.

I've seen some products like NFR (Secure Log Repository) focused on forensic audit, and others like e-Sentinel from e-Security, which uses a console that shows the logs in real time divided by levels. That's nice, but I would like to have a more integrated platform. I am thinking of a console, but also of a central repository, log filtering, and an API for customizing. Here in Spain I've seen a tool (well, it is a suite) that has this point of view (it uses syslog and SNMP... it could be programmed with POSIX) and it seems to be very good for these purposes, but I feel that other products must exist around the world.

I would like to know if you have worked with any of this kind of solution, your opinion or feeling, and mainly the names.

Thanks and regards,
Mario.

----- Original Message -----
From: <Matthew.Brownat_private>
To: "Mario Maawad Marcos" <mmaawadat_private>
Sent: Wednesday, June 19, 2002 7:48 PM
Subject: Re: [logs] tools

> Mario
>
> I recommend using @syslog solutions on all your systems. This will
> allow you to have every network device and server send their events to a
> central server. You could have a programmer or database expert deal with
> all the events that arrive at the @syslog server.
>
> Thanks,
> Matthew Brown, CISSP, SSCP
> Principal Security Consultant
> Incident Response / Digital Forensics
> Predictive Systems (Global Integrity Services)
> Matthew.Brownat_private
> (503) 675-7482 (Main)
> (503) 869-8382 (Mobile)
> 5038698382at_private (Text pager)
> mattatpredictive (IM)
> PGP Key Fingerprint:
> 9908 D26F B46F E565 EFFD 9511 21DD 20A6
>
>
> "Mario Maawad Marcos" <mmaawadat_private>
> 06/19/2002 04:36 AM
>
> To: <loganalysisat_private>
> cc:
> Subject: [logs] tools
>
> Hi all,
>
> I know you'll think that my question is so easy, but for me it is not.
>
> The environment is a bank transaction. The bank wants to have all the
> flow through their components (Firewall, router, Application server, BBDD,
> OS, etc.) within this bank transaction.
>
> Does any tool exist which could pick up all these logs generated by all
> these different components in order to have a legal document which
> could be used to confirm that someone has tried to lie to the system?
>
> I know that there are a lot of tools like Patrol or OpenView or Unicenter,
> but these are mainly for monitoring; besides monitoring, these tools
> generate logs as well. But they are not real tools for log
> centralization.
>
> Can you help me and recommend me some places where I could find out
> something?
>
> Thanks in advance,
>
> bye,
>
> Mario
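The two points raised in the thread (Matthew: send everything to one central syslog server; Mario: the formats are heterogeneous and the wanted events must be separated from the rest) come down to a normalisation and filtering step on the collecting side. The following is an added example, not code from either poster or from any product named above. It assumes RFC 3164-style lines (`<PRI>TIMESTAMP HOST APP[PID]: MESSAGE`) and two constructed message shapes, key=value pairs for a firewall and Common Log Format for a web server; the sample lines, host names and addresses are all constructed, not real device output.

```python
"""Normalize heterogeneous syslog lines into one record shape and filter them.

Added example for the loganalysis thread; it is not any product's code.
Assumes RFC 3164-style lines and two constructed message formats
(key=value pairs from a firewall, Common Log Format from a web server).
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Syslog PRI = facility * 8 + severity; lower severity number = more severe.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"] \
             + [f"local{i}" for i in range(8)]

# Constructed sample input: firewall, web server, database, and one junk line.
SAMPLE_LINES = [
    '<38>Jun 19 19:48:01 fw1 pf[1123]: action=block proto=tcp src=198.51.100.7 dst=192.0.2.10 dport=445',
    '<134>Jun 19 19:48:02 web1 httpd[2201]: 203.0.113.5 - - [19/Jun/2002:19:48:02 +0200] "GET /login HTTP/1.0" 200 512',
    '<30>Jun 19 19:48:03 db1 oracle[3342]: audit user=appuser action=login status=success',
    '<11>Jun 19 19:48:04 web1 httpd[2201]: 203.0.113.5 - - [19/Jun/2002:19:48:04 +0200] "POST /transfer HTTP/1.0" 500 0',
    'this line is not syslog at all',
]

HEADER_RE = re.compile(
    r'^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^\s:\[]+)(?:\[(\d+)\])?: (.*)$')
KV_RE = re.compile(r'(\w+)=(\S+)')
CLF_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)$')


@dataclass
class Event:
    """One record in the common shape a central repository would store."""
    host: str
    app: str
    facility: str
    severity: str
    severity_num: int
    timestamp: str
    message: str
    fields: Dict[str, str] = field(default_factory=dict)


def extract_fields(message: str) -> Dict[str, str]:
    """Map a device-specific message body onto named fields.

    Common Log Format is recognised first; anything else falls back to
    key=value extraction, which covers the firewall and database samples.
    """
    clf = CLF_RE.match(message)
    if clf:
        return {"client": clf.group(1), "user": clf.group(2), "method": clf.group(4),
                "path": clf.group(5), "status": clf.group(6), "bytes": clf.group(7)}
    return dict(KV_RE.findall(message))


def parse_syslog(line: str) -> Optional[Event]:
    """Parse one RFC 3164-style line; return None if it is not syslog."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:            # 23 facilities * 8 + 7 is the largest legal PRI
        return None
    fac, sev = divmod(pri, 8)
    message = m.group(6)
    return Event(host=m.group(3), app=m.group(4), facility=FACILITIES[fac],
                 severity=SEVERITIES[sev], severity_num=sev, timestamp=m.group(2),
                 message=message, fields=extract_fields(message))


def load(lines: Iterable[str]) -> Tuple[List[Event], List[str]]:
    """Parse all lines; keep the rejects so nothing silently disappears."""
    events, rejected = [], []
    for line in lines:
        ev = parse_syslog(line.rstrip("\n"))
        (events if ev else rejected).append(ev if ev else line)
    return events, rejected


def select(events: Iterable[Event], max_severity: Optional[str] = None,
           apps: Optional[Set[str]] = None, hosts: Optional[Set[str]] = None) -> List[Event]:
    """Separate the wanted events: by worst-allowed severity, app name, or host."""
    limit = SEVERITIES.index(max_severity) if max_severity else len(SEVERITIES)
    return [e for e in events
            if e.severity_num <= limit
            and (not apps or e.app in apps)
            and (not hosts or e.host in hosts)]


if __name__ == "__main__":
    evs, bad = load(SAMPLE_LINES)
    print(f"parsed {len(evs)} events, rejected {len(bad)} line(s)")
    for e in select(evs, max_severity="err"):
        print(f"{e.timestamp} {e.host} {e.app} {e.facility}.{e.severity} {e.fields}")
```

The rejected lines are returned rather than dropped because, for the evidential use Mario describes, a collector that silently discards what it cannot parse is worse than one that files the raw line aside for later review. The `select` call is the "separate the logs we want" step: the same record shape serves the firewall, the web server and the database once the per-source field extraction has run.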
This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 08:20:46 PDT