[logs] Re: Security Management Tool

From: Daniel Cid (danielcid@private)
Date: Wed Apr 12 2006 - 10:35:58 PDT

Hi Bruno,

You can try using the OSSEC HIDS. It is open source
and by default it has rules to analyze logs from
many sources (including Linux, firewalls, IDS, etc).
In addition to that, you can write very complex
correlation rules and execute responses or e-mail

From your request, it can receive remote syslog
messages, receive messages from remote agents
(encrypted), correlate these events and respond
(and it is all in one).

*We don't support Windows agents yet, but it will
be done soon (for the next version).

*Some information about the rules here:


Hope it helps,

Daniel B. Cid
dcid @ ( at ) ossec.net

--- Bruno Moraes <bdmoraes@private> wrote:

> Hello All,
> Good afternoon! I need a tool that manages
> security events in several environments, such as network
> devices (FW, IDS, Routers, Switches), operational
> systems (Unix, Linux, W2003) and Corporate Systems
> (SAP, HR Systems, etc.) .. this in one box.
> Does anyone know of any tool to receive, correlate and
> respond to security information gathering in these
> environments (all-in-one)??
> Thanks in advance.
> Bruno
> > _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis


This archive was generated by hypermail 2.1.3 : Wed Apr 12 2006 - 10:48:01 PDT