[logs] Re: Security Management Tool

From: Daniel Cid (danielcid@private)
Date: Wed Apr 12 2006 - 10:35:58 PDT


Hi Bruno,

You can try using OSSEC HIDS. It is open source
and by default it has rules to analyze logs from
many sources (including Linux, firewalls, IDS, etc.).
In addition to that, you can write very complex
correlation rules and execute responses or e-mail
alerts...

From your request, it can receive remote syslog
messages, receive messages from remote agents
(encrypted), correlate these events and respond
(and it is all in one).

*We don't support Windows agents yet, but it will
be done soon (for the next version).

*Some information about the rules here:
http://lists.shmoo.com/pipermail/loganalysis/2006-March/002998.html

http://www.ossec.net 


Hope it helps,

--
Daniel B. Cid
dcid @ ( at ) ossec.net
http://www.ossec.net

--- Bruno Moraes <bdmoraes@private> wrote:

> Hello All,
> 
> Good afternoon! I need a tool that manages
> security events in several environments, such as network
> devices (FW, IDS, Routers, Switches), operational
> systems (Unix, Linux, W2003) and Corporate Systems
> (SAP, HR Systems, etc.) .. this in one box.
> 
> Does anyone know of any tool to receive, correlate and
> respond to security information gathered in these
> environments (all-in-one)??
> 
> Thanks in advance.
> Bruno



		
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis



This archive was generated by hypermail 2.1.3 : Wed Apr 12 2006 - 10:48:01 PDT