Understood, but 35 million events over six months is not very much, in terms of overall logging. That works out to be about 195,000 events per day, or 2.25 events per second. I have no doubt that most SEM solutions are capable of that volume. We have customers storing, querying and reporting on 100 million events _per day_, and retaining that data for over a year. To manage this kind of volume requires a fundamentally different architecture than that used by SEM products. regards, kmh On Wed, 2003-04-02 at 15:22, durnieat_private wrote: > I would vehemntly disagree, everything in my enterprise that can log > is logging into my SEM product. I keep 6 months of data in my very queryable > storage facility... Currently I have over 35 million events that I can > query and correlate through... > > Chris Kirschke > Silicon Valley Bank > > On Wed, 02 Apr 2003 07:40:24 -0800 Kevin Hanrahan <kevinhat_private> > wrote: > >You are probably right that he would get more hits, but the hits > >he gets > >may not help him with the problem he is trying to solve. > > > >The companies that fall under "Security Event Management" (or Enterprise > >Security Management, or Security Information Management, depending > >on > >who you ask) have some interesting products that can assist users > >with > >real-time analysis of events that have potential security implications > >(IDS alerts, firewall denies, login failures, etc). But they are > >not > >capable of processing and storing all the logs from a large enterprise, > > >> > >and retaining them for months or years in a queryable format. > > > >The problem of management and analysis of massive log data is a > >distinct > >(although similar and complementary) problem of that addressed Security > >Event Management products. > > > >(Vendor Disclaimer: Addamark Technologies provides solutions in > >the > >former category. Prior to joining Addamark, however, I worked for > >3.5 > >years at a leading Security Event Management vendor.) > > > > > > > > > >On Tue, 2003-04-01 at 14:17, durnieat_private wrote: > >> Call Gartner back and use the term "Security Event Management"... > >> > >> You'll get alot more hits, trust me... > >> > >> On Mon, 31 Mar 2003 23:05:11 -0800 Mehtap Erdogan <Mehtap.Erdoganat_private> > >> wrote: > >> >Hi, > >> >I may be considered as a newbie at centralized logging systems, > >> > >> > trying to find the best for my company reading documents, getting > >> >demos..etc. > >> >I tried (through Gartner..etc.) but couldn't find any information > >> >comparing different centralized logging systems. > >> >Is it possible to get this kind of information or something similar? > >> >Thanks, and sorry for my English.. > >> >Mehtap Erdogan, > >> >Security Specialist Asst, > >> >Central Bank of Turkey, > >> > > >> > > > > >_______________________________________________ > >LogAnalysis mailing list > >LogAnalysisat_private > >http://lists.shmoo.com/mailman/listinfo/loganalysis > > > > > -----BEGIN PGP SIGNATURE----- > Version: Hush 2.2 (Java) > Note: This signature can be verified at https://www.hushtools.com/verify > > wlsEARECABsFAj6LRuIUHGR1cm5pZUBodXNobWFpbC5jb20ACgkQ3UH5NRolsbaxJQCf > dsyGhI/Xkz8F8RR9VmZ9lYgycCcAn3u5AdY+uRrXUwF/dTasVyT4C0Gl > =bsVj > -----END PGP SIGNATURE----- -- Kevin Hanrahan 707-342-2037 Director, Security Strategy kevinhat_private Addamark Technologies _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Apr 03 2003 - 13:08:27 PST