RE: [logs] NetIQ Vigilant Log Analyzer?

From: durnieat_private
Date: Tue Apr 01 2003 - 11:12:23 PST


    NetIQ's inherent lack of support and refusal to develop for Unix/Linux
    management platforms is the biggest issue that I have. Syslog can be
    secured as well as timestamped or hashed FYI... I have used this in a
    court of law twice to assist in prosecution and had no problems besides
    the usual "attack the messenger" tactics. NTsyslog is only the agent,
    it shouldn't be providing any analytical capabilities, only transport.
    That is what I use my Neusecure CMS for... I understand you work for
    NetIQ and can respect your defensive posture:-) I actually use the VSM
    for generating audit reports out of my AS400's and Domain members for
    Exec's. As far as Security Management platforms go, I will always run
    them on unix/linux based systems (except my VSM of course:-) and as I
    discussed with your development team, most security folks have a pretty
    solid background in this area and will probably go this route...
    
    I'd love to chat with you offline concerning this topic....
    
    Chris Kirschke
    Silicon Valley Bank
    408-654-7185
    
    On Mon, 31 Mar 2003 15:04:14 -0800 "Todd E. Tucker" <Todd.Tuckerat_private>
    wrote:
    >Again, I respectfully disagree. NetIQ is no longer solely focused on Windows
    >shops. With the acquisition of PentaSafe (where I came from) and its VigilEnt
    >products, it became a heterogeneous player in security. We have more
    >non-Windows agents than we do Windows agents. NetIQ also provides Unix
    >agents for its performance and availability product, AppManager. And the
    >WebTrends products (part of NetIQ) report on 40+ security devices, not just
    >MS ISA.
    >
    >Moreover, for small shops a single machine could be used for the log engine
    >and the security server. But VigilEnt Log Analyzer was designed for medium
    >to large enterprises, so we enable customers to split the functions among
    >servers for load distribution and horizontal scalability. For example, you
    >could put a log engine in London and a log engine in NY to minimize traffic
    >sent over the Atlantic.
    >
    >Finally, I caution anyone against using syslog for security purposes: it is
    >both unreliable and insecure. It is trivial for an attacker to insert bad
    >data into a network syslog server, including Ntsyslog. It would not hold up
    >in a court of law. And Ntsyslog provides no analytical capabilities like
    >trend analysis. Maybe those problems don't concern some of you, but those
    >are why companies are clamoring for an alternative to syslog and are
    >spending millions on commercial solutions.
    >
    >Chris, if you've had a bad experience with VigilEnt Log Analyzer I'd like to
    >talk.
    >
    >Todd
    >NetIQ
    >
    >
    >-----Original Message-----
    >From: durnieat_private [mailto:durnieat_private]
    >Sent: Friday, March 28, 2003 12:35 PM
    >To: loganalysisat_private; brian_anonat_private
    >Subject: Re: [logs] NetIQ Vigilant Log Analyzer?
    >
    >NetIQ is geared towards small to mid-sized Windoze shops and they really
    >don't seem to be in any hurry to change. The log analyzer requires 4
    >different pieces to work, a console, a log analysis engine, the security
    >server, and agents on every server you want to get logs from... Way too much
    >money for sub-par log analysis IMHO. If you're a windoze shop, check out
    >NTsyslog for getting your event logs spit out to your log facility... If you
    >have some money to spend, www.guarded.net is the way that I went...
    >
    >Chris Kirschke CISSP
    >Silicon Valley Bank
    >On Fri, 28 Mar 2003 06:09:27 -0800 Brian Anon <brian_anonat_private>
    >wrote:
    >>Anyone here have experience with NetIQ's Vigilant Log Analyzer?
    >>
    >>I'm thinking about using this product to centralize audit logs and
    >>report on events.  I'd appreciate any feedback from others who have
    >>used this before.
    >>
    >>Brian
    >>
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
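Chris says syslog can be timestamped or hashed and Todd says an attacker can trivially insert bad data into a network syslog server; one way a trusted collector can make inserted, altered or deleted records detectable after receipt is a keyed hash chain over the lines it stores. This is an added example, not code from the thread or from any product named in it; the key, the sample log lines and the function names are constructed, and it assumes the chain is computed on the collector (it does not authenticate who sent a datagram).

```python
import hashlib
import hmac

# Constructed demo key; in practice the key lives only on the trusted collector.
KEY = b"constructed-demo-key"
GENESIS = b"genesis"

def _tag(key, prev_tag, line):
    # Each tag covers the previous tag and the current line, so every record
    # is bound to everything stored before it.
    return hmac.new(key, prev_tag + b"\n" + line.encode(), hashlib.sha256).hexdigest()

def chain_records(lines, key=KEY):
    """Attach an HMAC-SHA256 chain tag to each received syslog line."""
    prev, records = GENESIS, []
    for line in lines:
        tag = _tag(key, prev, line)
        records.append((line, tag))
        prev = bytes.fromhex(tag)
    return records

def verify_chain(records, key=KEY, head=None):
    """Return the index of the first record that breaks the chain, len(records)
    if a stored head tag shows the tail was truncated, or -1 if intact."""
    prev = GENESIS
    for i, (line, tag) in enumerate(records):
        if not hmac.compare_digest(_tag(key, prev, line), tag):
            return i
        prev = bytes.fromhex(tag)
    if head is not None and not hmac.compare_digest(prev.hex(), head):
        return len(records)
    return -1

# Constructed sample lines, not real syslog output.
SAMPLE = [
    "Mar 28 12:35:01 host1 sshd[412]: Accepted publickey for chris from 10.0.0.5",
    "Mar 28 12:35:09 host1 sudo: chris : TTY=pts/0 ; COMMAND=/bin/ls",
    "Mar 28 12:36:44 host1 sshd[412]: Disconnected from 10.0.0.5",
]

def first_broken_after_insert(pos):
    """Splice an unchained line in at position pos; the verifier reports it."""
    records = chain_records(SAMPLE)
    extra = ("Mar 28 12:35:30 host1 cron[77]: (root) CMD (run-parts /etc/cron.hourly)", "0" * 64)
    return verify_chain(records[:pos] + [extra] + records[pos:])

def first_broken_after_delete(pos, head=None):
    """Drop record pos; the next record's tag no longer matches its predecessor.
    Dropping the last record is only caught when the stored head tag is supplied."""
    records = chain_records(SAMPLE)
    return verify_chain(records[:pos] + records[pos + 1:], head=head)
```

Timestamps and hashes stored alongside the records do not help if the collector itself accepts spoofed datagrams, so the chain answers "was the stored log changed afterwards", not "did host1 really send this line".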
    



    This archive was generated by hypermail 2b30 : Tue Apr 01 2003 - 18:34:44 PST