Interesting product. Would be a lot more interesting if the guts didn't require Windows Server and MS SQL Server. :-)

-Alan

On Thu, 2004-04-08 at 08:46, Chris Petersen wrote:
> *** WARNING *** I am the CTO of a log management/analysis company.
>
> We recently released a product designed to do exactly this. LogRhythm can
> collect log data in agent (Windows, Linux) and agent-less (e.g., syslog,
> snmp) deployment architectures. Log data is stored in a horizontally
> scalable, distributed log management architecture. Logs can be transformed
> to events via a rule builder that uses Perl regex combined with a tagging
> notation for extracting normal fields (e.g., IP addresses, login). Logs
> transformed to events are forwarded to an event manager for real-time
> monitoring. Log data is also automatically aged and archived/destroyed
> based on user configuration.
>
> I like to refer to our architecture as "Push-Pull" where based on user
> configuration, high-priority logs are transformed and forwarded as events
> but raw log data can be "pulled" on demand for analysis.
>
> Example:
> - Web server attack detected by snort
> - Snort log transformed to event and forwarded to event manager
> - Event monitored in real-time by user
> - User queries LogRhythm for additional logs from web server surrounding
>   attack to make more accurate and timely decision on what really occurred.
>
> This last example is what initially got us motivated to build LogRhythm,
> adding context to IDS alarms. However, as we have progressed we have found
> LogRhythm to provide value in the area of auditing/forensics, operations
> monitoring, and soon - the ability to perform data-mining
> misuse/intrusion/fraud detection against many different types of log data
> (e.g., ERP logs, database logs).
>
> The other products I am familiar with are primarily focused on security
> event management with the exception of Addamark that is log
> management/analysis focused. The SEM guys will all say they do logs but I'm
> not sure if they are really architected to do so. These other products
> include NetForensics, Intellitactics, eSecurity, NeuSecure, and ArcSight.
> While some of these products are pretty impressive, they are also pretty
> costly.
>
> If you'd like additional information on LogRhythm please check us out at
> http://www.logrhythm.com.
>
> Chris Petersen
> Security Conscious, Inc.
> chris@security-conscious.com
> www.security-conscious.com
>
>
> -----Original Message-----
> From: loganalysis-bounces+chris=security-conscious.com@private
> [mailto:loganalysis-bounces+chris=security-conscious.com@private] On
> Behalf Of Anthony Butler
> Sent: Wednesday, April 07, 2004 10:48 PM
> To: loganalysis@private
> Subject: [logs] Products for log correlation
>
> Hi everyone,
>
> I was wondering if anyone knows of a tool for log-file correlation and
> analysis. By that I mean being able to see in a unified form and arranged
> chronologically log entries from a variety of disparate and distributed
> systems. For example, web servers, application servers, operating systems
> and database servers.
>
> Thanks for any pointers that you can provide.
>
> Best Regards,
>
> Anthony Butler
> Amcor
>
>
> ************************************************************************
> CAUTION - This message may contain privileged and confidential
> information intended only for the use of the addressee named above.
> If you are not the intended recipient of this message you are hereby
> notified that any use, dissemination, distribution or reproduction of
> this message is prohibited. If you have received this message in error
> please notify AMCOR immediately.
> Any views expressed in this message are those of the individual sender
> and may not necessarily reflect the views of AMCOR.
> ************************************************************************
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis

-- 
Alan Sparks, Sr. UNIX Administrator
asparks@private
Quris, Inc. (720) 836-2058
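The push-pull flow Chris describes (regex rules with named-group "tags" lifting IP addresses and logins out of raw lines, the chronological unification Anthony asks about, then pulling the web server's raw logs around a forwarded Snort alert), as an added Python example; it is not code from any post in this thread and not LogRhythm's rule syntax. The sample log lines, the rule regexes, the IP-to-host map and the 2004 year are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Rule table: (event type, Perl-style regex whose named groups act as the field tags, timestamp format).
# Constructed for this example; the real product's rule notation is not shown on the thread.
RULES = [
    ("snort", re.compile(r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\] \[[\d:]+\] (?P<msg>.+?) \[\*\*\]"
                         r".*?\{\w+\} (?P<src_ip>[\d.]+):\d+ -> (?P<dst_ip>[\d.]+):\d+"), "%m/%d-%H:%M:%S"),
    ("apache", re.compile(r'^(?P<src_ip>[\d.]+) \S+ \S+ \[(?P<ts>[^ \]]+) [^\]]+\] "(?P<msg>[^"]*)" (?P<status>\d{3})'),
     "%d/%b/%Y:%H:%M:%S"),
    ("sshd", re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \S+: (?P<msg>Accepted \S+) for (?P<login>\S+) from (?P<src_ip>[\d.]+)"),
     "%b %d %H:%M:%S"),
]
# Constructed sample records as (collecting host, raw line), deliberately out of order.
# All hosts are assumed to share one local time zone, so the Apache UTC offset is ignored.
RAW = [
    ("websrv", "Apr  8 10:15:45 websrv sshd[2211]: Accepted password for admin from 10.1.1.9 port 4022 ssh2"),
    ("websrv", '10.1.1.5 - - [08/Apr/2004:10:13:00 -0600] "GET /index.html HTTP/1.1" 200 1043'),
    ("ids", "04/08-10:15:41.123456  [**] [1:9999:1] WEB-CGI suspicious request [**] [Priority: 2] {TCP} 10.1.1.9:3321 -> 10.0.0.8:80"),
    ("dbsrv", "Apr  8 10:16:02 dbsrv sshd[4410]: Accepted password for admin from 10.0.0.8 port 1188 ssh2"),
    ("websrv", '10.1.1.9 - - [08/Apr/2004:10:15:40 -0600] "GET /cgi-bin/test.cgi HTTP/1.0" 404 310'),
    ("websrv", "Apr  8 10:19:30 websrv sshd[2211]: Accepted password for bob from 10.1.1.7 port 4100 ssh2"),
]
HOSTS = {"10.0.0.8": "websrv"}  # assumed IP-to-host map so an alert's dst_ip selects the right agent
YEAR = 2004  # Snort fast alerts and BSD syslog stamps carry no year; a real collector must track it


def normalize(host, line):
    """Transform one raw line into a normalized event dict via the first matching rule, else None."""
    for kind, pattern, fmt in RULES:
        m = pattern.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), fmt)
        if ts.year == 1900:  # strptime's default when the format has no year
            ts = ts.replace(year=YEAR)
        event = {"ts": ts, "host": host, "type": kind, "raw": line}
        event.update((k, v) for k, v in m.groupdict().items() if k != "ts")
        return event
    return None


def unified_timeline(records):
    """Normalize every record and order the events chronologically across all hosts."""
    events = [e for e in (normalize(h, l) for h, l in records) if e]
    return sorted(events, key=lambda e: e["ts"])


def pull_context(events, alert, window=timedelta(seconds=60)):
    """The 'pull' side: given a forwarded Snort event, fetch the attacked host's logs around it."""
    target = HOSTS.get(alert["dst_ip"])
    return [e for e in events
            if e["type"] != "snort" and e["host"] == target and abs(e["ts"] - alert["ts"]) <= window]
```

Lines that match no rule are dropped by normalize; a production collector would keep them as raw, untagged events so they remain pullable.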
This archive was generated by hypermail 2b30 : Thu Apr 08 2004 - 10:07:17 PDT