Couple of options:

Free tool: php-syslog-ng, which is a tool that I've contributed a lot of code for. More information on it can be found on my NMS Wiki site at http://nms.gdd.net/index.php/Syslog

The nice thing about this tool is its ability to provide extended information on Cisco errors (it has a backend db with 27k error message descriptions).

Commercial: LogLogic -- I've been demoing this for a very large customer (~30,000 devices) and it performs extremely well.

Clayton Dukes
NMS Consulting Engineer
Advanced Services
Cisco Systems
Office: 919.392.6122
MSN: cdukes@private

-----Original Message-----
From: loganalysis-bounces+cdukes=cisco.com@private [mailto:loganalysis-bounces+cdukes=cisco.com@private] On Behalf Of Mark Jayson R. Alvarez
Sent: Thursday, October 12, 2006 3:05 AM
To: loganalysis@private
Subject: [logs] Recommended Log analysis tool (follow up)

I just got this information: The log analysis tool will be used for various firewalls (Fortinet, SonicWall, PIX, etc.)

My boss wants me to know if the tool can handle these requirements..
________________________________________________________________

* Availability of technical support (ex: 24x7, email, phone, chat, etc.)
* Patch or updating of software: is this included or an additional expense?
* List of Managed Security Service Providers using the software
* Sizing guidelines - what server specs for X number of clients
* For contingency or redundancy purposes, can we mirror the data on another server, and would this entail additional cost?
* Are there steps to backup and restore data in case of a system crash?
* Would it have a capability to have views for different clients
* Can the reports be exported to a file? If so, what formats? PDF, DOC, etc.?
* What reports can be generated:
  - # of blocked IPs/Ports
  - Source/Dest IP
  - IPs, AV, AS report from Fortigate?
  - Top Users
  - Weekly, Monthly, Daily, historical, etc.
  - Others PLEASE EXPLORE
* Would the built-in syslog have an ACL facility to avoid being probed from the public Internet?
* Would it support different logging from various firewall vendors on a single machine?
* Please list down features outside the above
____________________________________________________________

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
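Two of the requirements in the quoted list (a "blocked IPs/ports" report and an ACL on the syslog listener so that only known firewall senders are accepted) are small enough to sketch in code. The script below is an added illustration written for this archive page; it is not code from php-syslog-ng, LogLogic, or any of the firewall vendors named. The log lines are constructed in a simplified key=value style and are not real Fortinet, SonicWall, or PIX output; the sender allow-list, field names, and the `blocked_report` function are all assumptions made for the example.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample syslog events (NOT real vendor formats): the first
# token is the address the event was received from, followed by a
# simplified key=value body. A real collector would parse each vendor's
# own format before reaching the reporting step shown here.
SAMPLE_LOGS = [
    "10.0.0.1 action=deny src=203.0.113.5 dst=10.0.0.50 dport=22",
    "10.0.0.1 action=deny src=203.0.113.5 dst=10.0.0.50 dport=23",
    "10.0.0.2 action=deny src=198.51.100.7 dst=10.0.0.51 dport=22",
    "10.0.0.2 action=accept src=192.168.1.9 dst=10.0.0.51 dport=443",
    # Sender is outside the allow-list: models a probe hitting the
    # syslog port from an address that is not one of our firewalls.
    "192.0.2.99 action=deny src=203.0.113.5 dst=10.0.0.50 dport=22",
]

# Assumed management network of the firewalls we expect logs from.
ALLOWED_SENDERS = [ip_network("10.0.0.0/24")]

KV_RE = re.compile(r"(\w+)=(\S+)")


def sender_allowed(sender, allowed=ALLOWED_SENDERS):
    """Model of the 'ACL on the syslog listener' requirement: an event is
    accepted only if its sender address falls inside an allowed network."""
    addr = ip_address(sender)
    return any(addr in net for net in allowed)


def parse_line(line):
    """Split a constructed event into a dict of fields plus the sender."""
    sender, _, body = line.partition(" ")
    fields = dict(KV_RE.findall(body))
    fields["sender"] = sender
    return fields


def blocked_report(lines, allowed=ALLOWED_SENDERS):
    """Build the 'blocked IPs / blocked ports' report from raw lines.

    Returns a dict with:
      blocked_src   - Counter of source IPs that were denied
      blocked_ports - Counter of destination ports that were denied
      dropped       - number of lines rejected by the sender ACL
    """
    blocked_src = Counter()
    blocked_ports = Counter()
    dropped = 0
    for line in lines:
        event = parse_line(line)
        if not sender_allowed(event["sender"], allowed):
            dropped += 1  # rejected before it can influence any report
            continue
        if event.get("action") == "deny":
            blocked_src[event["src"]] += 1
            blocked_ports[event["dport"]] += 1
    return {
        "blocked_src": blocked_src,
        "blocked_ports": blocked_ports,
        "dropped": dropped,
    }


if __name__ == "__main__":
    report = blocked_report(SAMPLE_LOGS)
    print("Top blocked source IPs:", report["blocked_src"].most_common(3))
    print("Top blocked ports:", report["blocked_ports"].most_common(3))
    print("Lines rejected by sender ACL:", report["dropped"])
```

The sender check runs before any counting so that a spoofed or stray event from outside the firewall management network cannot pollute the "top blocked" figures; keeping the rejected count visible is useful in its own right, since a non-zero value means the collector is reachable from somewhere it should not be.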
This archive was generated by hypermail 2.1.3 : Thu Oct 12 2006 - 18:55:54 PDT