have you looked at prelude-ids (http://www.prelude-ids.org/)? I would say it's the closest thing to be a complete OSS SIM of all of the OSS apps out there right now. Cheers, Harry Anton Chuvakin wrote: > Hey all, > > The discussion about SIM currently ongoing on the daildave mailing > list (see, for example, > http://lists.immunitysec.com/pipermail/dailydave/2005-December/002725.html) > seems more relevant for this list, but to avoid cross-posting I > figured I will just throw a link. Feel free to restart the discussion > here! :-) > > It started from Thomas Ptacek predicting that "There's about $100MM > spent annually on products that manage and correlate logs. Guess what? > None of it is hard to do. The underlying tools are there. Customers > know how to do this better than the vendors do. Expect a mainstream > open-source combination of Argus and Sguil to own the security > management conversation next year" (see > http://www.sockpuppet.org/tqbf/log/2005/12/pro-forma-05-06-punditry-results.html), > then others disagreeing and them me fiercely supporting the latter > side :-) > > Best, > -- > Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA > http://www.chuvakin.org > http://www.securitywarrior.com > _______________________________________________ > LogAnalysis mailing list > LogAnalysis@private > http://lists.shmoo.com/mailman/listinfo/loganalysis _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Fri Dec 30 2005 - 19:24:26 PST