Anton Chuvakin wrote:
> It started from Thomas Ptacek predicting that "There's about $100MM
> spent annually on products that manage and correlate logs. Guess what?
> None of it is hard to do. The underlying tools are there. Customers
> know how to do this better than the vendors do. Expect a mainstream
> open-source combination of Argus and Sguil to own the security
> management conversation next year" (see
> http://www.sockpuppet.org/tqbf/log/2005/12/pro-forma-05-06-punditry-results.html),
> then others disagreeing and then me fiercely supporting the latter
> side :-)
>

Agreed. I play in the SIM/SOM space a fair bit and whilst there are some good open source tools out there (sguil being an example) they mostly can't compete with the Symantecs of the world and their ability to provide correlation for numerous types/versions of devices. Indeed it's not a quality question - it's a bandwidth one.

If you wanted to make the argument about which tools are better, open source or commercial and excluding their scope limitations, then we might have a very different discussion...

Regards

James Turnbull

--
James Turnbull <james@private>
---
Author of Hardening Linux from Apress
(http://www.amazon.com/exec/obidos/tg/detail/-/1590594444/)
---
PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Fri Dec 30 2005 - 18:34:14 PST