Re: [logs] About the logging infrastructure

From: Fehringer, Gerald (Gerald.Fehringer@private)
Date: Wed Apr 13 2005 - 01:03:18 PDT


Hi Phi,
 
 
1. YES and NO (for comprehensive security information management you
should/must have both in place)
    People are always afraid of the huge amount of logfiles, but in most
cases it is only a question of proper device configuration and correlation
    (it's not the amount of logs that gives you quality statements, only a
matter of logging centralization, intelligent correlation, categorization,
prioritization and, last but not least, interpretation. Start with major
alarms and get familiar with the system.)
     
    Check this open-source framework: http://www.ossim.net/
    (includes almost all of your requirements for a medium environment, in
my opinion also for a huge distributed setup, depending on your
customization effort... or you buy one of the fancy GUI SIM solutions like
Arcsight, Netforensic & co)
 
 
cheers,
geri
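
The centralize / categorize / correlate / prioritize approach sketched in the reply above, as an added worked example by the editor. It is not OSSIM code and not part of either post. The log lines, host names, users and addresses are constructed for the illustration; the year 2005 for the syslog timestamps, the five-failures-in-two-minutes rule and the HIGH/CRITICAL labels are assumptions chosen to make the point, not settings taken from any product.

```python
"""Centralize, categorize, correlate and prioritize logs from a small network.

Editor's added illustration: not OSSIM code and not from the list posts.
Three constructed log formats (sshd via syslog, an Apache access log and
iptables kernel messages) are mapped onto one event schema; a sliding-window
rule then turns repeated authentication failures from one source into a
single alarm, and a later successful login from that source escalates it.
"""
import re
from collections import Counter, defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

YEAR = 2005  # classic syslog lines carry no year; assumed for the sample below

# Constructed sample lines (hosts, users and addresses invented for the example).
SAMPLE_LOGS = [
    "Apr 13 09:38:01 fileserver sshd[4021]: Failed password for root from 10.0.0.5 port 40122 ssh2",
    "Apr 13 09:38:03 fileserver sshd[4021]: Failed password for root from 10.0.0.5 port 40123 ssh2",
    "Apr 13 09:38:04 fileserver sshd[4021]: Failed password for invalid user oracle from 10.0.0.5 port 40124 ssh2",
    '10.0.0.5 - - [13/Apr/2005:09:38:09 +0200] "GET /admin/ HTTP/1.1" 401 512',
    '10.0.0.5 - - [13/Apr/2005:09:38:10 +0200] "GET /admin/ HTTP/1.1" 401 512',
    "Apr 13 09:38:12 workstation12 CRON[811]: (root) CMD (run-parts /etc/cron.hourly)",
    "Apr 13 09:38:15 gateway kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=22 SYN",
    '10.0.0.7 - - [13/Apr/2005:09:38:20 +0200] "GET /index.html HTTP/1.1" 200 2048',
    "Apr 13 09:38:22 mailserver sshd[1190]: Failed password for gerald from 10.0.0.7 port 50211 ssh2",
    "Apr 13 09:38:40 fileserver sshd[4030]: Accepted password for admin from 10.0.0.5 port 40130 ssh2",
]

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                       r"(?P<prog>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$")
APACHE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')
SSH_FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
SSH_OK_RE = re.compile(r"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+).*? DPT=(?P<dpt>\d+)")


@dataclass
class Event:
    """Common schema every source is normalized into (the 'centralization' step)."""
    time: datetime
    host: str
    category: str        # auth_failure | auth_success | fw_drop | web_request | other
    src: Optional[str]   # source address, None when the line has no peer
    detail: str


@dataclass
class Alarm:
    priority: str        # HIGH or CRITICAL; single events never reach alarm level
    src: str
    reason: str


def normalize(line: str) -> Optional[Event]:
    """Parse one raw line from any of the three formats and categorize it.
    All timestamps are reduced to naive local time: the example assumes every
    host is NTP-synced and logs in the same zone, which a real central log
    host must enforce before any cross-device correlation is meaningful."""
    m = SYSLOG_RE.match(line)
    if m:
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        host, prog, msg = m["host"], m["prog"], m["msg"]
        if prog == "sshd":
            if (f := SSH_FAIL_RE.search(msg)):
                return Event(ts, host, "auth_failure", f["src"], f"ssh user={f['user']}")
            if (o := SSH_OK_RE.search(msg)):
                return Event(ts, host, "auth_success", o["src"], f"ssh user={o['user']}")
        if prog == "kernel" and (f := FW_RE.search(msg)):
            return Event(ts, host, "fw_drop", f["src"], f"dst={f['dst']} dport={f['dpt']}")
        return Event(ts, host, "other", None, msg)
    m = APACHE_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        cat = "auth_failure" if m["status"] in ("401", "403") else "web_request"
        return Event(ts, "webserver", cat, m["src"], f"{m['req']} -> {m['status']}")
    return None  # unknown format: in practice count these, they are a parser gap


def correlate(events: List[Event], threshold: int = 5,
              window: timedelta = timedelta(minutes=2)) -> List[Alarm]:
    """Sliding-window rule over the normalized stream, across all devices:
    `threshold` auth failures from one address within `window` become one HIGH
    alarm; a later auth success from a flagged address becomes CRITICAL."""
    recent = defaultdict(deque)   # src -> (time, host) of failures inside the window
    flagged, alarms = set(), []
    for ev in sorted(events, key=lambda e: e.time):
        if ev.src is None:
            continue
        if ev.category == "auth_failure":
            q = recent[ev.src]
            q.append((ev.time, ev.host))
            while ev.time - q[0][0] > window:
                q.popleft()
            if len(q) >= threshold and ev.src not in flagged:
                flagged.add(ev.src)
                hosts = ", ".join(sorted({h for _, h in q}))
                alarms.append(Alarm("HIGH", ev.src,
                                    f"{len(q)} auth failures within {window} on {hosts}"))
        elif ev.category == "auth_success" and ev.src in flagged:
            alarms.append(Alarm("CRITICAL", ev.src,
                                f"login succeeded after brute force: {ev.host} {ev.detail}"))
    return alarms


def summarize(events: List[Event]) -> Counter:
    """Event counts per category: shows how much of the volume is routine noise."""
    return Counter(e.category for e in events)


def run(lines: List[str]):
    events = [e for e in map(normalize, lines) if e is not None]
    return events, correlate(events)


if __name__ == "__main__":
    events, alarms = run(SAMPLE_LOGS)
    print(f"{len(SAMPLE_LOGS)} raw lines -> {dict(summarize(events))} -> {len(alarms)} alarms")
    for a in alarms:
        print(f"[{a.priority}] {a.src}: {a.reason}")
```

On the constructed input the ten raw lines collapse to two alarms: the three sshd failures on the file server plus the two 401s on the web server from 10.0.0.5 only cross the threshold because both sources were normalized into one schema first, and the single failed login from 10.0.0.7 stays below alarm level, which is the "start with major alarms" point. Threshold and window are the tuning knobs; in a deployment they would be per-asset, and that is the job a framework such as the OSSIM one linked above takes over.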

________________________________

From: loganalysis-bounces+gf=openadvice.de@private
[mailto:loganalysis-bounces+gf=openadvice.de@private] On behalf of
Phi Phu
Sent: Wednesday, 13 April 2005 09:38
To: loganalysis@private
Subject: [logs] About the logging infrastructure


Dear all,
I am new to this mailing list. I have the following questions that I
really hope will be answered:
1. Should we try to use the existing log data (from OS and applications)
effectively for security purposes, instead of using IDS or other monitoring
tools that also produce log data in today's flooded-by-logs world?
2. (If question #1 is "yes") is there any existing solution or product
that manages the log data for a small or medium enterprise (with a standard
computer network including: user workstations, file server, web server,
mail server, gateway to Internet, firewall, db server) for intrusion
detection purposes?
3. (If question #2 is "no") do you think that building a solution like
that is possible?
 
Thank you, and best regards,
Phi




_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis



This archive was generated by hypermail 2.1.3 : Wed Apr 13 2005 - 09:30:26 PDT