[logs] Re: Recommended Log analysis tool (follow up)

From: Clayton Dukes (cdukes) (cdukes@private)
Date: Fri Oct 13 2006 - 05:46:11 PDT


Loglogic - Not sure about a reseller in the Philippines, try emailing
Joe Micali @ jmicali@private who works for them, he should be able
to help.

I've tried splunk out and it looked ok, just wasn't what I needed at the
time. It was fairly easy to install, you might want to just give it a go
and see if it fits your needs.


-----Original Message-----
From: Mark Jayson R. Alvarez [mailto:mark.a@private] 
Sent: Friday, October 13, 2006 3:21 AM
To: Clayton Dukes (cdukes)
Cc: loganalysis@private
Subject: Re: [logs] Recommended Log analysis tool (follow up)

On Friday 13 October 2006 09:44, Clayton Dukes (cdukes) wrote:
> Couple of options:
> Free tool:
> php-syslog-ng, which is a tool that I've contributed a lot of code
> for.
> More information on it can be found on my NMS Wiki site at 
> http://nms.gdd.net/index.php/Syslog

Yes, we're already using it for viewing our routers'/switches'
(Cisco/Juniper) log files, which are collected by syslog-ng. Someone here
has recommended Splunk; I wonder how it compares to it?


> Commercial:
> LogLogic -- I've been demoing this for a very large customer (~30,000
> devices) and it performs extremely well.

Can you please give me a little insight into how it does when compared
to Sawmill and/or ManageEngine? We will use both for our SonicWall and
Fortigate firewalls, and soon probably for PIX and other firewall
products.
I've seen the flash demo presentation and I guess the thing has been
designed absolutely for log management, consolidation, correlation and
reporting.

Do you happen to know any reseller here in the Philippines?

Can it meet the requirements below?

Requirements:
=======================================
* Availability of technical support (ex: 24x7, email, phone, chat, etc.)

* Patching or updating of the software: is this included or an
additional expense?

* List of Managed Security Service Providers using the software

* Sizing guidelines - what server specs for X number of clients

* For contingency or redundancy purposes can we mirror the data on
another server and would this entail additional cost?

* Are there steps to back up and restore data in case of a system crash?

* Would it have the capability to have views for different clients?

* Can the reports be exported to a file, if so what formats? PDF, DOC,
etc?

* What reports can be generated:
- # of blocked IPs/Ports
- Source/Dest IP
- IPs, AV, AS report from Fortigate?
- Top Users
- Weekly, Monthly, Daily, historical, etc.
- Others PLEASE EXPLORE

* Would the built-in syslog have an ACL facility to avoid being probed
from the public Internet?

* Would it support different logging from various firewall vendors on a
single machine?

* Please list down features outside the above
____________________________________________________________
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
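As an added example, not part of this thread or of any of the tools named in it: a small Python script that normalizes two vendors' firewall syslog lines into one record format and produces the counts behind the reports in the requirements list above (blocked IPs/ports, source/destination pairs, top users), plus a per-vendor count, which is the multi-vendor-on-one-machine requirement reduced to code. The sample lines are constructed for the example and only loosely modelled on Fortigate key=value traffic logs and SonicWall key=value logs; the field names (srcip/dstip/dstport/action/user and src/dst/usr/msg) and the action and message words treated as "blocked" are assumptions for the example, not a specification of either product's real format.

```python
"""Normalize constructed Fortigate- and SonicWall-style firewall syslog lines
and produce the report counts listed in the thread's requirements."""
import re
from collections import Counter

# Constructed sample lines, loosely modelled on Fortigate key=value traffic
# logs and SonicWall key=value logs. Not real device output; field names and
# action/msg wording are assumptions for this example.
SAMPLE_LOGS = """\
<189>date=2006-10-13 time=09:44:01 devname=FGT-1 type=traffic srcip=203.0.113.5 dstip=192.0.2.10 dstport=445 proto=6 action=deny user=""
<189>date=2006-10-13 time=09:44:02 devname=FGT-1 type=traffic srcip=203.0.113.5 dstip=192.0.2.10 dstport=139 proto=6 action=deny user=""
<189>date=2006-10-13 time=09:44:03 devname=FGT-1 type=traffic srcip=198.51.100.7 dstip=192.0.2.20 dstport=80 proto=6 action=accept user="alice"
<134>id=firewall sn=0017C5 time="2006-10-13 09:44:04" fw=192.0.2.1 pri=5 c=64 m=36 msg="TCP connection dropped" src=203.0.113.5:51200:X1 dst=192.0.2.10:3389:X0 proto=tcp/3389
<134>id=firewall sn=0017C5 time="2006-10-13 09:44:05" fw=192.0.2.1 pri=6 c=262144 m=98 msg="Connection Opened" usr="bob" src=192.0.2.30:40000:X0 dst=198.51.100.9:443:X1 proto=tcp/https
"""

KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')  # key=value; value may be quoted
PRI = re.compile(r"^<\d{1,3}>")                      # leading syslog <PRI> field
BLOCK_ACTIONS = {"deny", "drop", "block"}            # assumed Fortigate-style actions
BLOCK_WORDS = ("dropped", "blocked", "denied")       # assumed SonicWall-style msg words


def parse_kv(line):
    """Split one syslog line into a dict of key=value fields, unquoting values."""
    fields = {}
    for key, val in KV.findall(PRI.sub("", line, count=1)):
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1]
        fields[key] = val
    return fields


def split_endpoint(endpoint):
    """SonicWall-style 'ip:port:iface' -> (ip, port); port is 0 when absent."""
    parts = endpoint.split(":")
    port = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    return parts[0], port


def normalize(line):
    """Map one raw line to a vendor-neutral record, or None if unrecognised."""
    kv = parse_kv(line)
    if "srcip" in kv and "dstip" in kv:  # Fortigate-style fields
        return {
            "vendor": "fortigate",
            "src_ip": kv["srcip"],
            "dst_ip": kv["dstip"],
            "dst_port": int(kv.get("dstport", "0") or 0),
            "blocked": kv.get("action", "").lower() in BLOCK_ACTIONS,
            "user": kv.get("user", ""),
        }
    if kv.get("id") == "firewall" and "src" in kv and "dst" in kv:  # SonicWall-style
        src_ip, _ = split_endpoint(kv["src"])
        dst_ip, dst_port = split_endpoint(kv["dst"])
        msg = kv.get("msg", "").lower()
        return {
            "vendor": "sonicwall",
            "src_ip": src_ip,
            "dst_ip": dst_ip,
            "dst_port": dst_port,
            "blocked": any(word in msg for word in BLOCK_WORDS),
            "user": kv.get("usr", ""),
        }
    return None


def parse_logs(text):
    """Normalize every recognised line; blank or unknown lines are skipped."""
    return [rec for rec in (normalize(line) for line in text.splitlines()) if rec]


def build_report(records):
    """Counts behind the reports listed in the requirements."""
    blocked = [r for r in records if r["blocked"]]
    return {
        "per_vendor": Counter(r["vendor"] for r in records),
        "blocked_count": len(blocked),
        "blocked_src_ips": Counter(r["src_ip"] for r in blocked),
        "blocked_dst_ports": Counter(r["dst_port"] for r in blocked),
        "src_dst_pairs": Counter((r["src_ip"], r["dst_ip"]) for r in records),
        "top_users": Counter(r["user"] for r in records if r["user"]),
    }


if __name__ == "__main__":
    for name, value in build_report(parse_logs(SAMPLE_LOGS)).items():
        print(f"{name}: {dict(value) if isinstance(value, Counter) else value}")
```

The design point is the normalize step: supporting several firewall vendors on one box reduces to one small parser per vendor feeding a shared, vendor-neutral report layer, so adding PIX later means adding a parser, not new reports. Daily/weekly/monthly views would come from grouping the same records by the date fields, which the sample keeps but does not yet use.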



This archive was generated by hypermail 2.1.3 : Fri Oct 13 2006 - 12:00:57 PDT