RE: [logs] About the logging infrastructure

From: Phil Hollows (phollows@private)
Date: Wed Apr 13 2005 - 09:06:04 PDT


1) As well as, not instead of.  And then correlate them together.  And do it in real time.
2) Plenty.  Use Google.  Varies from freeware, open source through appliance-based systems up to enterprise-scale software solutions.
3) Is it possible?  Sure.  Is it a good idea?  Only for trivial deployments (but I work for a vendor, so take with whatever pinch of salt you prefer).   Keeping up with the daily barrage of exploits and vulnerabilities, linking them together, and maintaining the system and adding new features to your in-house effort will quickly cause you to either:
	a) spend more time and money than you would on a third party solution (commercial or open source)
	b) give up on keeping up, which over time will reduce the value of your solution

FWIW,

Phil Hollows
VP Product Marketing
OpenService, Inc.
www.open.com
508.599.2030

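A worked illustration of point 1 above (host logs as well as IDS logs, correlated together), added here as an example; it is not code from either message in this thread and not an OpenService product. It parses constructed sshd syslog lines and constructed, simplified Snort-style fast alerts (the alert format and the 2005 year are assumptions), then flags a source that tripped the IDS and, within a window, produced repeated failed logins followed by an accepted one. The regexes, window and threshold are illustrative choices.

```python
"""Correlate SSH auth log lines with IDS alerts by source IP within a time window.

Added example, not from the original thread. All sample lines are constructed;
the IDS lines use a simplified Snort-style "fast" alert layout (assumed), not any
vendor's exact output.
"""
import re
from collections import defaultdict
from datetime import datetime

YEAR = 2005  # syslog lines carry no year; assumed for the constructed sample

# Constructed syslog lines from an SSH server (standard sshd wording)
AUTH_LOG = """\
Apr 13 03:30:01 fileserver sshd[2104]: Failed password for invalid user admin from 10.0.0.77 port 51022 ssh2
Apr 13 03:30:03 fileserver sshd[2106]: Failed password for invalid user test from 10.0.0.77 port 51023 ssh2
Apr 13 03:30:05 fileserver sshd[2109]: Failed password for root from 10.0.0.77 port 51024 ssh2
Apr 13 03:30:40 fileserver sshd[2115]: Accepted password for root from 10.0.0.77 port 51030 ssh2
Apr 13 03:31:10 fileserver sshd[2120]: Accepted publickey for alice from 192.168.1.15 port 40010 ssh2
"""

# Constructed IDS alerts (simplified Snort-style fast alert format; assumed)
IDS_LOG = """\
04/13-03:29:55.120000 [**] [1:2001219:1] SSH brute force login attempt [**] [Priority: 2] {TCP} 10.0.0.77:51020 -> 10.0.0.5:22
04/13-03:45:12.000000 [**] [1:1000001:1] Port scan detected [**] [Priority: 3] {TCP} 172.16.4.9:1234 -> 10.0.0.5:80
"""

AUTH_RE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: (Failed|Accepted) "
    r"(?:password|publickey) for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)"
)
IDS_RE = re.compile(
    r"^(\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+ \[\*\*\] \[[\d:]+\] (.+?) \[\*\*\] "
    r".*\{\w+\} (\d+\.\d+\.\d+\.\d+):\d+ -> "
)


def parse_auth(text):
    """Return sshd login events as dicts: ts, host, result, user, src."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue  # unrelated syslog line
        ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m.group(2), "result": m.group(3),
                       "user": m.group(4), "src": m.group(5)})
    return events


def parse_ids(text):
    """Return IDS alerts as dicts: ts, sig (signature name), src."""
    alerts = []
    for line in text.splitlines():
        m = IDS_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %m/%d-%H:%M:%S")
        alerts.append({"ts": ts, "sig": m.group(2), "src": m.group(3)})
    return alerts


def correlate(auth_events, ids_alerts, window_s=300, min_failures=3):
    """Flag a source IP that raised an IDS alert and then, within window_s
    seconds of that alert, produced at least min_failures failed logins and
    at least one accepted login on a host. Returns a list of findings."""
    by_src = defaultdict(list)
    for e in auth_events:
        by_src[e["src"]].append(e)
    findings = []
    for a in ids_alerts:
        related = [e for e in by_src.get(a["src"], [])
                   if 0 <= (e["ts"] - a["ts"]).total_seconds() <= window_s]
        failures = [e for e in related if e["result"] == "Failed"]
        successes = [e for e in related if e["result"] == "Accepted"]
        if len(failures) >= min_failures and successes:
            findings.append({
                "src": a["src"],
                "ids_signature": a["sig"],
                "failed_logins": len(failures),
                "compromised_account": successes[0]["user"],
                "host": successes[0]["host"],
            })
    return findings


if __name__ == "__main__":
    for finding in correlate(parse_auth(AUTH_LOG), parse_ids(IDS_LOG)):
        print(finding)
```

Neither source alone makes this call: the IDS only sees a brute-force pattern on the wire, and the host log only sees failures followed by a success. Joined on source IP and time, the pair reads as a likely account compromise rather than two low-priority events. A real-time version would hold a sliding window of recent alerts per source instead of scanning a batch.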

-----Original Message-----
From: loganalysis-bounces+phil=open.com@private [mailto:loganalysis-bounces+phil=open.com@private] On Behalf Of Phi Phu
Sent: Wednesday, April 13, 2005 3:38 AM
To: loganalysis@private
Subject: [logs] About the logging infrastructure

Dear all,
I am new to this mailing list. I have the following questions that I really hope will be answered:
1. Should we try to use the existing log data (from the OS and applications) effectively for security purposes, instead of using an IDS or other monitoring tools that also produce log data in today's flooded-by-logs world?
2. (If the answer to question #1 is "yes") is there any existing solution or product that manages the log data for a small or medium enterprise (with a standard computer network including: user workstations, file server, web server, mail server, gateway to the Internet, firewall, DB server) for intrusion detection purposes?
3. (if question #2 is "no") do you think that building a solution like that is possible?
 
Thank you, and best regards,
Phi

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis



This archive was generated by hypermail 2.1.3 : Wed Apr 13 2005 - 09:34:19 PDT