LogAnalysis
[logs] Open Source centralized log management/SIEM solutions Apr 26 2010 03:03PM
Youngquist, Jason R. (jryoungquist ccis edu) (2 replies)
RE: [logs] Open Source centralized log management/SIEM solutions Apr 27 2010 04:56PM
Starks, Michael (Michael Starks atosorigin com)
RE: [logs] Open Source centralized log management/SIEM solutions Apr 26 2010 05:38PM
Sandy Bird (sandy bird Q1Labs com) (2 replies)
RE: [logs] Open Source centralized log management/SIEM solutions Apr 26 2010 09:10PM
Kevin Reiter (KReiter insidefsi net)
Re: [logs] Open Source centralized log management/SIEM solutions Apr 26 2010 05:49PM
Harry Hoffman (hhoffman ip-solutions net) (1 reply)
What about octopussy? It's free, and Perl.

http://www.8pussy.org/doku.php

Cheers,
Harry

Sandy Bird wrote:
> Wow, people still use this list? I think the last post was from Anton
> back at the first of the year.
>
> Honestly, assuming you want true open source, it will be a struggle.
> OSSIM (now AlienVault) is as close as you can probably get. I would
> guess it is becoming more "free" and less open source by the day. If you
> are looking for "free" and not open source you have a few additional
> options. We have QRadar Slim Free Edition, but the free version is only
> good to 50 EPS... After 50 EPS you have to purchase appliances and
> licenses. The alerting and most of the correlation still works in the
> free version, but you lose the offense manager as well as asset and
> identity tracking. Splunk is another option (although might be a
> struggle for some of your alerting), and again the free version limits
> the amount of data you can deal with, or you have to purchase licenses.
>
> Syslog-ng, grep and perl are always an option :) ... only half joking here...
>
> Sandy
>
> From: loganalysis-bounces (at) loganalysis (dot) org
> [mailto:loganalysis-bounces (at) loganalysis (dot) org] On Behalf Of Youngquist,
> Jason R.
> Sent: Monday, April 26, 2010 12:04 PM
> To: 'loganalysis (at) loganalysis (dot) org'
> Subject: [logs] Open Source centralized log management/SIEM solutions
>
> Is anyone using any Open Source or low cost centralized log
> management/SIEM solution in a production environment which you would
> recommend?
>
> Specifically, I'm looking for:
>
> --scalability - must be able to handle hundreds of log sources -
> majority being servers and network devices
> --good searching capability
> --ability to generate alerts
> --good reporting capability - pre-built reports would be nice
> --a solution auditors would approve
> --able to meet regulatory requirements such as PCI
> --fast implementation time - how long would it take to get the solution
> up and running?
>
> There are more things I'd like, but these are the big requirements.
>
> If an Open Source solution, are there any companies that offer
> professional services (i.e. consulting/configuration assistance) so we
> could hit the ground running and not have to spend weeks/months
> configuring/creating rules/reports, etc. Ideally, the solution should
> have some commercial support behind it so if we run into any issues we
> can speak to a knowledgeable person.
>
> For those QSAs out there, are there any Open Source solutions/low-cost
> solutions that you have seen implemented well and meet the PCI
> regulatory guidelines? If so, what were they? If not, what were they
> lacking that commercial products provide?
>
> For those of you with a home-grown/Open Source log management solution,
> do you agree with the Gartner quote below? Why/why not?
>
> According to Gartner researchers, "Although [home-grown log management]
> may prove effective for a limited set of data sources with clearly
> defined "strings" that the organization is searching for, most
> organizations quickly run into scalability issues, as well as issues
> using the data for situational awareness in support of incident
> response. In most cases, internally developed centralized application
> log solutions will fall short of meeting organizational requirements."
>
> If you had to do it again would you "roll your own solution" or purchase
> a commercial log management product?
>
> Appreciate any information you can provide.
>
> Thanks.
>
> Jason Youngquist
> Information Technology Security Engineer, Security+
> Technology Services
> Columbia College
> 1001 Rogers Street, Columbia, MO 65216
> (573) 875-7334
> jryoungquist (at) ccis (dot) edu
> http://www.ccis.edu
>

_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org
http://www.loganalysis.org/mailman/listinfo/loganalysis

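Sandy's "syslog-ng, grep and perl" option and the Gartner quote about home-grown tools built around "clearly defined strings" describe the same thing: a collector feeding a search and a few hand-written rules. The script below is an added example written for this page, not code from the list, from Octopussy, or from any product named in the thread. It shows the smallest useful version of that approach in Python rather than Perl: a BSD-syslog parser, a grep-style search, and one correlation rule (N failed SSH passwords from a single source across any hosts inside a time window). The log lines are constructed sample data, the hostnames and addresses are documentation placeholders, and the threshold and window are arbitrary assumptions.

```python
"""Minimal home-grown log correlation: parse syslog, search it, threshold-alert.

Added example for the LogAnalysis thread; all sample data is constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed BSD/RFC 3164-style lines; 203.0.113.0/24 and 192.0.2.0/24 are
# documentation ranges, not real sources.
SAMPLE_LOGS = """\
Apr 26 12:00:01 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Apr 26 12:00:03 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.5 port 51123 ssh2
Apr 26 12:00:04 web01 sshd[2211]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
Apr 26 12:00:05 web02 sshd[3300]: Failed password for root from 203.0.113.5 port 51124 ssh2
Apr 26 12:00:06 db01 sshd[4100]: Failed password for root from 203.0.113.5 port 51125 ssh2
Apr 26 12:00:08 web01 sshd[2212]: Failed password for invalid user test from 203.0.113.5 port 51126 ssh2
Apr 26 12:05:00 web01 sshd[2213]: Failed password for invalid user test from 192.0.2.9 port 6000 ssh2
Apr 26 12:10:00 web01 sshd[2214]: Failed password for invalid user test from 192.0.2.9 port 6001 ssh2
"""

# "Mmm dd HH:MM:SS host prog[pid]: message" (pid is optional in BSD syslog)
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# The "clearly defined string" this rule keys on.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def parse_line(line, year=2010):
    """Return a dict for one syslog line, or None if it does not parse.

    BSD syslog carries no year, so the caller supplies one (assumption).
    """
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "pid": m["pid"], "msg": m["msg"]}


def parse_logs(text, year=2010):
    """Parse every line, silently dropping lines that do not match the format."""
    return [r for r in (parse_line(l, year) for l in text.splitlines()) if r]


def search(records, pattern):
    """The grep part: records whose message matches a regular expression."""
    rx = re.compile(pattern)
    return [r for r in records if rx.search(r["msg"])]


def failed_login_alerts(records, threshold=3, window_seconds=60):
    """Sliding-window rule: alert once per source when it accumulates
    `threshold` failed passwords, across any host, within `window_seconds`.

    Records must already be in time order (one collector, one stream).
    """
    recent = defaultdict(deque)  # src -> (timestamp, host) pairs inside the window
    alerted = set()
    alerts = []
    for r in records:
        if r["prog"] != "sshd":
            continue
        m = FAILED_RE.search(r["msg"])
        if not m:
            continue
        src = m["src"]
        q = recent[src]
        q.append((r["ts"], r["host"]))
        # Drop events that have aged out of the window.
        while q and (r["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({
                "src": src,
                "count": len(q),
                "hosts": sorted({h for _, h in q}),
                "first": q[0][0],
                "last": r["ts"],
            })
    return alerts


if __name__ == "__main__":
    recs = parse_logs(SAMPLE_LOGS)
    for a in failed_login_alerts(recs):
        print(f"ALERT {a['src']}: {a['count']} failed logins on {a['hosts']} "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

On the sample data the rule fires once, for 203.0.113.5, after its third failure at 12:00:05 and notes that the attempts spanned web01 and web02; the two failures from 192.0.2.9 are five minutes apart and never meet the window. That is exactly the shape of tool the Gartner quote concedes works "for a limited set of data sources": the state lives in one process, every new rule is another regex and another dict, and there is nothing here resembling the asset or identity tracking Sandy mentions losing in QRadar's free tier, which is what turns "203.0.113.5 hit three hosts" into situational awareness for incident response.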
RE: [logs] Open Source centralized log management/SIEM solutions Apr 27 2010 12:07PM
Soldatov, Sergey V. (SVSoldatov tnk-bp com)

Copyright 2010, SecurityFocus