On Tue, 2003-05-27 at 17:54, Mario Maawad Marcos wrote:
> Hello,
>
> Does anyone know whether there exists a tool capable of centralizing logs generated by
> ISS (NIDS and HIDS), CheckPoint & Solaris in a central console for less than
> 15.000 $?
> I've seen NetIQ but it doesn't work for ISS and Solaris (Unix) environment.
> And netForensics is too expensive.
>
> Thanks in advance

What about giving prelude-ids a try? It's GPL and won't cost you a cent (from your wallet) to give it a try, just your time.

I believe that the LML (Log Monitoring Lackey) module is what you are looking for, and I would suggest PIWI as the GUI. You can find them both at www.prelude-ids.org.

LML works by using signatures (to highlight "bad stuff"), and it's easy to write new ones if you know regexes (regular expressions). The author usually doesn't mind writing the rules for you if you forward him some logs and explain how they are built (i.e. what field means what).

Best regards
Michael Boman

--
Michael Boman
Security Architect, SecureCiRT Pte Ltd
http://www.securecirt.com
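
The regex-signature approach described in the reply above, as an added example that is not part of the original post and does not use Prelude LML's own rule syntax: each signature is a regular expression whose named groups record what each log field means. The signature names, severities and sample log lines are constructed for illustration.

```python
import re

# Syslog header: "May 27 17:54:01 host message..."
HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")

# Hypothetical signature table (name, severity, regex). Named groups carry
# the field meanings ("what field means what"). Not LML rule syntax.
SIGNATURES = [
    ("ssh-failed-login", "medium", re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user |illegal user )?"
        r"(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)")),
    ("su-failed", "high", re.compile(
        r"su: \[ID \d+ auth\.\w+\] 'su (?P<target>\S+)' failed for "
        r"(?P<user>\S+) on (?P<tty>\S+)")),
]

def match_line(line):
    """Return an alert dict for the first matching signature, else None."""
    head = HEADER.match(line.rstrip("\n"))
    if head is None:
        return None  # not a syslog-style line: skip it rather than guess
    for name, severity, rx in SIGNATURES:
        m = rx.search(head["msg"])
        if m:
            # Extracted fields come from the log and are untrusted input.
            return {"signature": name, "severity": severity,
                    "time": head["ts"], "host": head["host"], **m.groupdict()}
    return None

def scan(lines):
    """Run every line through the signatures and keep only the alerts."""
    return [a for a in map(match_line, lines) if a is not None]

# Constructed sample lines in Solaris/OpenSSH syslog style.
SAMPLE_LOG = [
    "May 27 17:54:01 sol9 sshd[1234]: Failed password for root from 192.0.2.10 port 4021 ssh2",
    "May 27 17:54:09 sol9 su: [ID 810491 auth.crit] 'su root' failed for bob on /dev/pts/3",
    "May 27 17:55:00 sol9 sshd[1240]: Accepted password for alice from 192.0.2.20 port 4100 ssh2",
    "-- MARK --",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```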
This archive was generated by hypermail 2b30 : Sat Jun 14 2003 - 13:00:55 PDT