Re: [logs] comparison chart/ magic Quadrant or something about centralized logging systems..

From: Kevin Hanrahan (kevinhat_private)
Date: Wed Apr 02 2003 - 12:40:15 PST


    Understood, but 35 million events over six months is not very much, in
    terms of overall logging.  That works out to be about 195,000 events per
    day, or 2.25 events per second.  I have no doubt that most SEM solutions
    are capable of that volume.
    
    We have customers storing, querying and reporting on 100 million events
    _per day_, and retaining that data for over a year.  To manage this kind
    of volume requires a fundamentally different architecture than that used
    by SEM products.
    
    regards,
    kmh
    
    
    On Wed, 2003-04-02 at 15:22, durnieat_private wrote:
    
    > I would vehemently disagree, everything in my enterprise that can log
    > is logging into my SEM product. I keep 6 months of data in my very queryable
    > storage facility... Currently I have over 35 million events that I can
    > query and correlate through...
    > 
    > Chris Kirschke
    > Silicon Valley Bank
    > 
    > On Wed, 02 Apr 2003 07:40:24 -0800 Kevin Hanrahan <kevinhat_private>
    > wrote:
    > >You are probably right that he would get more hits, but the hits he gets
    > >may not help him with the problem he is trying to solve.
    > >
    > >The companies that fall under "Security Event Management" (or Enterprise
    > >Security Management, or Security Information Management, depending on
    > >who you ask) have some interesting products that can assist users with
    > >real-time analysis of events that have potential security implications
    > >(IDS alerts, firewall denies, login failures, etc).  But they are not
    > >capable of processing and storing all the logs from a large enterprise,
    > >and retaining them for months or years in a queryable format.
    > >
    > >The problem of management and analysis of massive log data is a distinct
    > >(although similar and complementary) problem from that addressed by Security
    > >Event Management products.
    > >
    > >(Vendor Disclaimer: Addamark Technologies provides solutions in the
    > >former category.  Prior to joining Addamark, however, I worked for 3.5
    > >years at a leading Security Event Management vendor.)
    > >
    > >
    > >
    > >
    > >On Tue, 2003-04-01 at 14:17, durnieat_private wrote:
    > >> Call Gartner back and use the term "Security Event Management"...
    > >>
    > >> You'll get alot more hits, trust me...
    > >>
    > >> On Mon, 31 Mar 2003 23:05:11 -0800 Mehtap Erdogan <Mehtap.Erdoganat_private>
    > >> wrote:
    > >> >Hi,
    > >> >I may be considered as a newbie at centralized logging systems,
    > >> >trying to find the best for my company reading documents, getting
    > >> >demos..etc.
    > >> >I tried (through Gartner..etc.) but couldn't find any information
    > >> >comparing different centralized logging systems.
    > >> >Is it possible to get this kind of information or something similar?
    > >> >Thanks, and sorry for my English..
    > >> >Mehtap Erdogan,
    > >> >Security Specialist Asst,
    > >> >Central Bank of Turkey,
    > >> >
    > >> >
    > >
    > >_______________________________________________
    > >LogAnalysis mailing list
    > >LogAnalysisat_private
    > >http://lists.shmoo.com/mailman/listinfo/loganalysis
    > >
    > >
    > -----BEGIN PGP SIGNATURE-----
    > Version: Hush 2.2 (Java)
    > Note: This signature can be verified at https://www.hushtools.com/verify
    > 
    > wlsEARECABsFAj6LRuIUHGR1cm5pZUBodXNobWFpbC5jb20ACgkQ3UH5NRolsbaxJQCf
    > dsyGhI/Xkz8F8RR9VmZ9lYgycCcAn3u5AdY+uRrXUwF/dTasVyT4C0Gl
    > =bsVj
    > -----END PGP SIGNATURE-----
    -- 
    Kevin Hanrahan                   707-342-2037
    Director, Security Strategy      kevinhat_private
    Addamark Technologies          
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
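The back-of-the-envelope sizing in Kevin's reply (35 million events over six months is roughly 195,000 per day, or 2.25 per second) is the kind of calculation anyone evaluating a SEM or log-archive product has to do before asking a vendor about capacity. The following is an added example, not code from anyone on the list or from Addamark; it generalises the thread's arithmetic into a small capacity-planning helper that also projects retention storage. The average event size (300 bytes) and the compression ratio are assumptions chosen for illustration, not figures from the thread.

```python
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400


@dataclass(frozen=True)
class LogVolumeEstimate:
    """Sustained rate and storage projection for a central log store."""
    events_per_day: float
    events_per_second: float
    retained_events: int
    retained_bytes: int          # raw size of the retained events
    retained_bytes_on_disk: int  # after the assumed compression ratio


def daily_rate_from_total(total_events: int, days: int) -> float:
    """Back out an average daily rate from a retained total,
    e.g. '35 million events over six months' -> events per day."""
    if days <= 0:
        raise ValueError("days must be positive")
    return total_events / days


def estimate_log_volume(events_per_day: float, retention_days: int,
                        avg_event_bytes: int = 300,
                        compression_ratio: float = 1.0) -> LogVolumeEstimate:
    """Project ingest rate and storage for a given retention window.

    avg_event_bytes (assumed: a typical syslog/firewall line is a few hundred
    bytes) and compression_ratio (assumed: text logs compress well) are
    planning assumptions; measure them on your own data before buying disks.
    """
    if events_per_day < 0 or retention_days < 0:
        raise ValueError("events_per_day and retention_days must be non-negative")
    if avg_event_bytes <= 0 or compression_ratio < 1.0:
        raise ValueError("avg_event_bytes must be positive and compression_ratio >= 1")
    retained_events = round(events_per_day * retention_days)
    retained_bytes = retained_events * avg_event_bytes
    return LogVolumeEstimate(
        events_per_day=events_per_day,
        events_per_second=events_per_day / SECONDS_PER_DAY,
        retained_events=retained_events,
        retained_bytes=retained_bytes,
        retained_bytes_on_disk=int(retained_bytes / compression_ratio),
    )


def human_bytes(n: int) -> str:
    """Render a byte count with a decimal (SI) unit prefix."""
    units = ["B", "KB", "MB", "GB", "TB", "PB"]
    value = float(n)
    for unit in units:
        if value < 1000 or unit == units[-1]:
            return f"{value:.2f} {unit}"
        value /= 1000
    return f"{value:.2f} {units[-1]}"


if __name__ == "__main__":
    # Scenario from the thread: 35 million events retained for six months.
    six_months = estimate_log_volume(daily_rate_from_total(35_000_000, 180), 180)
    print(f"SEM store: {six_months.events_per_day:,.0f} events/day, "
          f"{six_months.events_per_second:.2f} events/s, "
          f"{human_bytes(six_months.retained_bytes)} raw")

    # Scenario from Kevin's reply: 100 million events per day, kept over a year.
    # Compression ratio 10:1 is an assumption for illustration.
    archive = estimate_log_volume(100_000_000, 365, avg_event_bytes=300,
                                  compression_ratio=10.0)
    print(f"Archive: {archive.events_per_second:,.0f} events/s sustained, "
          f"{archive.retained_events:,} events retained, "
          f"{human_bytes(archive.retained_bytes)} raw, "
          f"{human_bytes(archive.retained_bytes_on_disk)} on disk")
```

Running the two scenarios side by side makes the thread's point concrete: a few events per second over six months is a few gigabytes, while 100 million events per day for a year is over a thousand events per second sustained and tens of terabytes before compression. Peak rates during an incident or a scan are typically several times the sustained average, so a store sized only to the average will drop events exactly when they matter most.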
    



    This archive was generated by hypermail 2b30 : Thu Apr 03 2003 - 13:08:27 PST