1) As well as, not instead of. And then correlate them together. And do it in real time. 2) Plenty. Use Google. Varies from freeware, open source through appliance-based systems up to enterprise-scale software solutions. 3) It is possible? Sure. Is it a good idea? Only for trivial deployments (but I work for a vendor, so take with whatever pinch of salt you prefer). Keeping up with the daily barrage of exploits, vulnerabilities, linking them together and maintaining the system and adding new features to your in house effort will quickly cause you to either: a) spend more time and money than you would on a third party solution (commercial or open source) b) give up on keeping up, which over time will reduce the value of your solution FWIW, Phil Hollows VP Product Marketing OpenService, Inc. www.open.com 508.599.2030 -----Original Message----- From: loganalysis-bounces+phil=open.com@private [mailto:loganalysis-bounces+phil=open.com@private] On Behalf Of Phi Phu Sent: Wednesday, April 13, 2005 3:38 AM To: loganalysis@private Subject: [logs] About the logging infrastructure Dear all, I am a new person in this mailling list. I have some following questions that i really want they will be aswered: 1. Should we try to use effectively the existing log data (from OS and applications) for the security purpose, in stead of using IDS or other monitoring tools that also producing log data in the flooded-by-log world today? 2. (If question #1 is "yes") is there any existing solution or product that manages the log data for a small and medium enterpise (with the standard computer network including: user workstations, file server, web server, mail server, gateway to Internet, firewall, db server) for the intrusion detection purpose? 3. (if question #2 is "no") do you think that building a solution like that is possible? Thank you, and best regards, Phi Do you Yahoo!? Yahoo! Small Business - Try our new resources site! _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Wed Apr 13 2005 - 09:34:19 PDT