Again, I respectfully disagree. NetIQ is no longer solely focused on Windows shops. With the acquisition of PentaSafe (where I came from) and its VigilEnt products, it became a heterogeneous player in security. We have more non-Windows agents than we do Windows agents. NetIQ also provides Unix agents for its performance and availability product, AppManager. And the WebTrends products (part of NetIQ) report on 40+ security devices, not just MS ISA.

Moreover, for small shops a single machine could be used for the log engine and the security server. But VigilEnt Log Analyzer was designed for medium to large enterprises, so we enable customers to split the functions among servers for load distribution and horizontal scalability. For example, you could put a log engine in London and a log engine in NY to minimize traffic sent over the Atlantic.

Finally, I caution anyone against using syslog for security purposes: it is both unreliable and insecure. It is trivial for an attacker to insert bad data into a network syslog server, including Ntsyslog. It would not hold up in a court of law. And Ntsyslog provides no analytical capabilities like trend analysis. Maybe those problems don't concern some of you, but those are why companies are clamoring for an alternative to syslog and are spending millions on commercial solutions.

Chris, if you've had a bad experience with VigilEnt Log Analyzer I'd like to talk.

Todd
NetIQ

-----Original Message-----
From: durnieat_private [mailto:durnieat_private]
Sent: Friday, March 28, 2003 12:35 PM
To: loganalysisat_private; brian_anonat_private
Subject: Re: [logs] NetIQ Vigilant Log Analyzer?

NetIQ is geared towards small to mid-sized Windoze shops and they really don't seem to be in any hurry to change. The log analyzer requires 4 different pieces to work: a console, a log analysis engine, the security server, and agents on every server you want to get logs from...

Way too much money for sub-par log analysis IMHO. If you're a windoze shop, check out NTsyslog for getting your event logs spit out to your log facility... If you have some money to spend, www.guarded.net is the way that I went...

Chris Kirschke
CISSP
Silicon Valley Bank

On Fri, 28 Mar 2003 06:09:27 -0800 Brian Anon <brian_anonat_private> wrote:
>Anyone here have experience with NetIQ's Vigilant Log Analyzer?
>
>I'm thinking about using this product to centralize audit logs and
>report on events. I'd appreciate any feedback from others who have
>used this before.
>
>Brian
>
>_______________________________________________
>LogAnalysis mailing list
>LogAnalysisat_private
>http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Mon Mar 31 2003 - 20:53:48 PST