Hi Bruno,

You can try using the ossec hids. It is open source and by default it has rules to analyze logs from many sources (including Linux, firewalls, IDS, etc). In addition to that, you can write very complex correlation rules and execute responses or e-mail alerts...

From your request, it can receive remote syslog messages, receive messages from remote agents (encrypted), correlate these events and respond (and it is all in one).

*We don't support Windows agents yet, but it will be done soon (for the next version).

*Some information about the rules here:
http://lists.shmoo.com/pipermail/loganalysis/2006-March/002998.html
http://www.ossec.net

Hope it helps,

--
Daniel B. Cid
dcid @ ( at ) ossec.net
http://www.ossec.net

--- Bruno Moraes <bdmoraes@private> wrote:

> Hello All,
>
> Good Afternoon! I need a tool that manages
> security events in several environments, such as network
> devices (FW, IDS, Routers, Switches), operational
> systems (Unix, Linux, W2003) and Corporate Systems
> (SAP, HR Systems, etc) .. this in one box.
>
> Does anyone know of any tool to receive, correlate and
> respond to security information gathered in these
> environments (all-in-one)??
>
> Thanks in advance.
> Bruno
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Wed Apr 12 2006 - 10:48:01 PDT