Dear Phi,

1. Yes. There is nothing preventing you from getting log data from OS, routers, switches, firewalls, applications (Oracle, Oblix, Apache to name a few) and IDS/IPS systems. (For small/medium you can always add an IDS/IPS for free called Snort.) Logging and aggregation technology exists that allows this type of consolidation. The more data you have during/after a break-in, the better off you will be.

2. Yes. If you're a smaller organization I would recommend a roll-your-own solution made of syslog/syslog-ng. If you're a larger organization and you have plenty of time, maybe one of the open source SIM/SEM solutions, or a commercial appliance SIM/SEM if you don't have cycles to spend but just need a solution.

3. Several people have built some open source SIM/SEM solutions and even commercial software packages. Here is a jump start on your hunt for log analysis perfection:
http://www.networkintrusion.co.uk/consoles.htm

Matt

Matthew F. Caldwell, CISSP
Founder and Chief Security Officer
GuardedNet, Inc
Home of NeuSecure
http://www.guarded.net

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
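[Editor's note: the following is an added example illustrating the "roll your own" syslog consolidation Matt describes in point 2. It is not code from his post, from GuardedNet or from NeuSecure. It assumes the devices forward classic RFC 3164 lines ("<PRI>Mmm dd hh:mm:ss host message") to a central collector, decodes the PRI into facility and severity, groups records by originating host and pulls out the urgent ones. The hostnames, addresses and log lines are constructed for the example.]

```python
"""Minimal normalizer for centrally collected RFC 3164 syslog lines.

Added example, not from the original mailing-list post. Assumes the
collector (syslog/syslog-ng) writes the raw forwarded lines to a file
and that every device speaks the classic "<PRI>timestamp host msg" form.
"""
import re
from collections import defaultdict

# RFC 3164 facility and severity names; PRI = facility * 8 + severity.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# "<PRI>Mmm dd hh:mm:ss hostname rest-of-message", the shape syslog-ng forwards.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<msg>.+)$"
)


def parse_syslog(line):
    """Decode one RFC 3164 line into a flat record, or None if it is not one."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI value
        return None
    facility, severity = divmod(pri, 8)
    return {
        "host": m.group("host"),
        "timestamp": m.group("ts"),
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "severity_num": severity,
        "message": m.group("msg"),
    }


def aggregate(lines):
    """Group parsed records by originating host; keep lines that did not parse.

    Keeping the unparsed lines matters: a device that suddenly stops speaking
    syslog, or an attacker injecting junk, should be visible, not silently dropped.
    """
    by_host = defaultdict(list)
    unparsed = []
    for line in lines:
        rec = parse_syslog(line)
        if rec is None:
            unparsed.append(line)
        else:
            by_host[rec["host"]].append(rec)
    return dict(by_host), unparsed


def urgent(lines, max_severity=2):
    """Return records at emerg/alert/crit (numeric severity 0..max_severity)."""
    by_host, _ = aggregate(lines)
    return [r for recs in by_host.values() for r in recs
            if r["severity_num"] <= max_severity]


# Constructed sample lines standing in for a firewall, a Linux host, a
# Cisco-style router (logging to local7) and a Snort sensor (auth.alert).
# All hostnames, addresses and message texts are made up for this example.
SAMPLE_LINES = [
    "<34>Apr 13 09:32:54 fw01 kernel: iptables: DROP IN=eth0 SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=22",
    "<38>Apr 13 09:32:55 web01 sshd[2314]: Failed password for root from 10.0.0.5 port 51234 ssh2",
    "<189>Apr 13 09:32:56 rtr01 12: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "<33>Apr 13 09:32:57 ids01 snort[1201]: Portscan detected from 10.0.0.5 against 192.168.1.10",
    "not a syslog line at all",
]


if __name__ == "__main__":
    hosts, bad = aggregate(SAMPLE_LINES)
    for host, recs in sorted(hosts.items()):
        print(f"{host}: {len(recs)} record(s)")
    print(f"unparsed: {len(bad)}")
    for r in urgent(SAMPLE_LINES):
        print(f"URGENT {r['host']} {r['facility']}.{r['severity']}: {r['message']}")
```

Run it against the collector's output file instead of SAMPLE_LINES to get a per-host inventory plus the crit-and-above records, which is usually the first thing you want during a break-in: which hosts were talking, which went quiet, and what screamed.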
This archive was generated by hypermail 2.1.3 : Wed Apr 13 2005 - 09:32:54 PDT