Re: [logs] ISS NIDS HIDS CheckPoint Solaris logs

From: Michael Boman (michael.bomanat_private)
Date: Sat Jun 14 2003 - 01:06:55 PDT


    On Tue, 2003-05-27 at 17:54, Mario Maawad Marcos wrote:
    > Hello,
    > 
    > Does anyone know whether there is a tool capable of centralizing logs generated by
    > ISS (NIDS and HIDS), CheckPoint & Solaris in a central console for less than
    > 15.000 $?
    > I've seen NetIQ but it doesn't work for ISS and Solaris (Unix) environments.
    > And netForensics is too expensive.
    > 
    > Thanks in advance
    
    What about giving prelude-ids a try? It's GPL and won't cost you a cent
    (from your wallet) to give it a try, just your time. I believe that the
    LML (Log Monitoring Lackey) module is what you are looking for, and I
    would suggest PIWI as the GUI. You can find them both at
    www.prelude-ids.org.
    
    LML works by using signatures (to highlight "bad stuff"), and it's easy
    to write new ones if you know regexes (regular expressions). The author
    usually doesn't mind writing the rules for you if you forward him some
    logs and explain how they are built (i.e. what field means what).
    
    Best regards
     Michael Boman
    
    -- 
    Michael Boman
    Security Architect, SecureCiRT Pte Ltd
    http://www.securecirt.com
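To illustrate the signature idea described in the reply (regexes that flag "bad stuff" in forwarded logs and pull out the fields that matter), here is an added example that is not part of the original post and is not Prelude's or LML's own code. It uses a simplified rule format of my own (a name, a severity and a regex with named groups), not LML's actual rule syntax, and runs over a few constructed log lines shaped like Solaris syslog and CheckPoint firewall records.

```python
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    """One log signature: a name, a severity label and a compiled regex with named groups."""
    name: str
    severity: str
    pattern: re.Pattern


def compile_signatures(rules):
    """Build Signature objects from (name, severity, regex) triples; a bad regex fails here, not at scan time."""
    return [Signature(name, sev, re.compile(rx)) for name, sev, rx in rules]


# Hypothetical rules in a simplified format (assumption: NOT Prelude LML's rule syntax).
# Named groups capture the fields an analyst would pivot on (user, source address, service).
RULES = compile_signatures([
    ("ssh-auth-failure", "medium",
     r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"),
    ("su-failure", "medium",
     r"\bsu: 'su (?P<target>\S+)' failed for (?P<user>\S+) on (?P<tty>\S+)"),
    ("fw-drop", "low",
     r"action=drop\b.*\bsrc=(?P<src>\S+)\b.*\bdst=(?P<dst>\S+)\b.*\bservice=(?P<service>\S+)"),
])

# Constructed sample lines (not real captures): two Solaris syslog events, one firewall
# drop, and one benign SSH login that no signature should match.
SAMPLE_LOG = [
    "Jun 14 01:06:55 sol9 sshd[1234]: Failed password for invalid user admin from 10.0.0.5 port 4321 ssh2",
    "Jun 14 01:07:01 sol9 su: 'su root' failed for bob on /dev/pts/3",
    "Jun 14 01:07:10 fw1 action=drop src=10.0.0.5 dst=192.0.2.10 proto=tcp service=23 rule=7",
    "Jun 14 01:07:12 sol9 sshd[1234]: Accepted publickey for bob from 10.0.0.7 port 4400 ssh2",
]


def scan(lines, signatures=RULES):
    """Run every signature over every line; return one alert per (line, signature) match."""
    alerts = []
    for lineno, line in enumerate(lines, 1):
        for sig in signatures:
            m = sig.pattern.search(line)
            if m:
                alerts.append({
                    "line": lineno,
                    "signature": sig.name,
                    "severity": sig.severity,
                    "fields": m.groupdict(),
                })
    return alerts


def hits_per_source(alerts):
    """Correlate across sources: count alerts per 'src' field so one noisy address stands out."""
    return Counter(a["fields"]["src"] for a in alerts if "src" in a["fields"])


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"line {a['line']}: [{a['severity']}] {a['signature']} {a['fields']}")
    print("hits per source:", dict(hits_per_source(found)))
```

The point of the named groups is that the same "src" field comes out of both the Solaris sshd line and the CheckPoint drop line, so a console built on top of this can count per address across both log sources without caring which device wrote the line.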
    
    
    

    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis



    This archive was generated by hypermail 2b30 : Sat Jun 14 2003 - 13:00:55 PDT