LogAnalysis
[logs] Open Source centralized log management/SIEM solutions Apr 26 2010 03:03PM
Youngquist, Jason R. (jryoungquist ccis edu) (2 replies)
RE: [logs] Open Source centralized log management/SIEM solutions Apr 27 2010 04:56PM
Starks, Michael (Michael Starks atosorigin com)
RE: [logs] Open Source centralized log management/SIEM solutions Apr 26 2010 05:38PM
Sandy Bird (sandy bird Q1Labs com) (2 replies)
RE: [logs] Open Source centralized log management/SIEM solutions Apr 26 2010 09:10PM
Kevin Reiter (KReiter insidefsi net)
Re: [logs] Open Source centralized log management/SIEM solutions Apr 26 2010 05:49PM
Harry Hoffman (hhoffman ip-solutions net) (1 replies)
RE: [logs] Open Source centralized log management/SIEM solutions Apr 27 2010 12:07PM
Soldatov, Sergey V. (SVSoldatov tnk-bp com)
Hello,
I'd like to add a little bit more:
Syslog-ng + SEC (http://simple-evcorr.sourceforge.net/)

> -----Original Message-----
> From: loganalysis-bounces (at) loganalysis (dot) org [email concealed] [mailto:loganalysis-bounces (at) loganalysis (dot) org [email concealed]] On Behalf Of Harry Hoffman
> Sent: Monday, April 26, 2010 9:49 PM
> To: Sandy Bird
> Cc: loganalysis (at) loganalysis (dot) org [email concealed]
> Subject: Re: [logs] Open Source centralized log management/SIEM solutions
>
> What about octopussy? It's free, and perl
>
> http://www.8pussy.org/doku.php
>
> Cheers,
> Harry
>
> Sandy Bird wrote:
> > Wow, people still use this list? I think the last post was from Anton
> > back at the first of the year.
> >
> > Honestly, assuming you want true open source, it will be a struggle.
> > OSSIM (now AlienVault) is as close as you can probably get. I would
> > guess it is becoming more "free" and less open source by the day. If you
> > are looking for "free" and not open source you have a few additional
> > options. We have QRadar Slim Free Edition, but the free version is only
> > good to 50 EPS... After 50 EPS you have to purchase appliances and
> > licenses. The alerting and most of the correlation still works in the
> > free version, but you lose the offense manager as well as asset and
> > identity tracking. Splunk is another option (although might be a
> > struggle for some of your alerting), and again the free version limits
> > the amount of data you can deal with, or you have to purchase licenses.
> >
> > Syslog-ng, grep and perl are always an option :) ... only half joking here...
> >
> > Sandy
> >
> > *From:* loganalysis-bounces (at) loganalysis (dot) org [email concealed]
> > [mailto:loganalysis-bounces (at) loganalysis (dot) org [email concealed]] *On Behalf Of* Youngquist, Jason R.
> > *Sent:* Monday, April 26, 2010 12:04 PM
> > *To:* 'loganalysis (at) loganalysis (dot) org [email concealed]'
> > *Subject:* [logs] Open Source centralized log management/SIEM solutions
> >
> > Is anyone using any Open Source or low cost centralized log
> > management/SIEM solution in a production environment which you would
> > recommend?
> >
> > Specifically, I'm looking for:
> >
> > --scalability - must be able to handle hundreds of log sources -
> > majority being servers and network devices
> > --good searching capability
> > --ability to generate alerts
> > --good reporting capability - pre-built reports would be nice
> > --a solution auditors would approve
> > --able to meet regulatory requirements such as PCI
> > --fast implementation time - how long would it take to get the solution
> > up and running?
> >
> > There are more things I'd like, but these are the big requirements.
> >
> > If an Open Source solution, are there any companies that offer
> > professional services (i.e. consulting/configuration assistance) so we
> > could hit the ground running and not have to spend weeks/months
> > configuring/creating rules/reports, etc. Ideally, the solution should
> > have some commercial support behind it so if we run into any issues we
> > can speak to a knowledgeable person.
> >
> > For those QSAs out there, are there any Open Source solutions/low-cost
> > solutions that you have seen implemented well and meet the PCI
> > regulatory guidelines? If so, what were they? If not, what were they
> > lacking that commercial products provide?
> >
> > For those of you with a home-grown/Open Source log management solution,
> > do you agree with the Gartner quote below? Why/why not?
> >
> > According to Gartner researchers, "Although [home-grown log management]
> > may prove effective for a limited set of data sources with clearly
> > defined "strings" that the organization is searching for, most
> > organizations quickly run into scalability issues, as well as issues
> > using the data for situational awareness in support of incident
> > response. In most cases, internally developed centralized application
> > log solutions will fall short of meeting organizational requirements."
> >
> > If you had to do it again would you "roll your own solution" or purchase
> > a commercial log management product?
> >
> > Appreciate any information you can provide.
> >
> > Thanks.
> >
> > Jason Youngquist
> > Information Technology Security Engineer, Security+
> > Technology Services
> > Columbia College
> > 1001 Rogers Street, Columbia, MO 65216
> > (573) 875-7334
> > jryoungquist (at) ccis (dot) edu [email concealed]
> > http://www.ccis.edu
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > LogAnalysis mailing list
> > LogAnalysis (at) loganalysis (dot) org [email concealed]
> > http://www.loganalysis.org/mailman/listinfo/loganalysis
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis (at) loganalysis (dot) org [email concealed]
> http://www.loganalysis.org/mailman/listinfo/loganalysis

_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis
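What "Syslog-ng + SEC" buys you over "syslog-ng, grep and perl" is the correlation step: syslog-ng collects and routes the lines, and an SEC rule turns a run of matching events into one alert with state that a grep cannot keep. The block below is an added example, not code from SEC, syslog-ng or anyone on this thread: a small Python re-implementation of the behaviour of SEC's SingleWithThreshold rule type, run over constructed OpenSSH syslog lines so that five failed passwords from one source address inside a 60-second window produce a single alert and the failures that follow are suppressed until the window has passed. The host name, addresses, PIDs, the 2010 year stamped onto the year-less RFC 3164 timestamps, and the rule's regex, window and threshold are all assumptions made for the example.

```python
"""Sliding-window threshold correlation over BSD syslog lines.

Added example: a re-implementation in Python of what SEC's
SingleWithThreshold rule does on a stream fed by syslog-ng. It is not
SEC's code; the sample log lines, the regex, window and threshold are
constructed for illustration.
"""
import re
from collections import deque
from datetime import datetime, timedelta

# RFC 3164 style header: "Mon DD HH:MM:SS host tag[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$"
)
# Assumption: RFC 3164 timestamps carry no year; a real collector would use
# the reception time. 2010 matches the date of this thread.
ASSUMED_YEAR = 2010


def parse_syslog(line):
    """Return (datetime, host, message) or None if the header does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts_text = " ".join(m.group("ts").split())  # "Apr  6" -> "Apr 6"
    ts = datetime.strptime(ts_text, "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
    return ts, m.group("host"), m.group("msg")


class SingleWithThreshold:
    """Fire `desc` once when `thresh` events matching `pattern` and sharing
    the same expanded `desc` arrive within `window` seconds, then ignore
    further matches for that `desc` until the window has passed. This
    approximates SEC's SingleWithThreshold semantics."""

    def __init__(self, pattern, desc, window, thresh):
        self.pattern = re.compile(pattern)
        self.desc = desc
        self.window = window
        self.thresh = thresh
        self.seen = {}        # expanded desc -> deque of event times in window
        self.suppressed = {}  # expanded desc -> time until which matches are ignored

    def feed(self, ts, msg):
        m = self.pattern.search(msg)
        if not m:
            return None
        # Expand $1, $2, ... in desc from the capture groups, as SEC does.
        desc = self.desc
        for i, group in enumerate(m.groups(), start=1):
            desc = desc.replace("$%d" % i, group or "")
        until = self.suppressed.get(desc)
        if until is not None and ts < until:
            return None
        times = self.seen.setdefault(desc, deque())
        # Slide the window: drop events older than `window` seconds.
        while times and (ts - times[0]).total_seconds() > self.window:
            times.popleft()
        times.append(ts)
        if len(times) >= self.thresh:
            times.clear()
            self.suppressed[desc] = ts + timedelta(seconds=self.window)
            return desc
        return None


def correlate(lines, rules):
    """Run every rule over every parsable line; return (time, host, desc) alerts."""
    alerts = []
    for line in lines:
        parsed = parse_syslog(line)
        if parsed is None:
            continue  # not a syslog line we understand; a real pipeline would log this
        ts, host, msg = parsed
        for rule in rules:
            desc = rule.feed(ts, msg)
            if desc:
                alerts.append((ts.strftime("%Y-%m-%d %H:%M:%S"), host, desc))
    return alerts


def ssh_brute_force_rule():
    # Same fields an SEC rule would carry: pattern, desc, window, thresh.
    return SingleWithThreshold(
        pattern=r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+",
        desc="Repeated SSH failures from $1",
        window=60,
        thresh=5,
    )


# Constructed sample: 10.0.0.5 fails five times within 60 s (fifth at 21:49:10),
# once more inside the suppression window, and once more after it; 10.0.0.9 fails once.
SAMPLE_LINES = [
    "Apr 26 21:49:01 gw01 sshd[2201]: Failed password for invalid user admin from 10.0.0.5 port 4422 ssh2",
    "Apr 26 21:49:03 gw01 sshd[2201]: Failed password for invalid user admin from 10.0.0.5 port 4423 ssh2",
    "Apr 26 21:49:04 gw01 sshd[2205]: Failed password for root from 10.0.0.9 port 5100 ssh2",
    "Apr 26 21:49:05 gw01 sshd[2201]: Failed password for invalid user oracle from 10.0.0.5 port 4424 ssh2",
    "Apr 26 21:49:06 gw01 sshd[2210]: Accepted publickey for ops from 10.0.0.20 port 6000 ssh2",
    "Apr 26 21:49:08 gw01 sshd[2201]: Failed password for invalid user test from 10.0.0.5 port 4425 ssh2",
    "Apr 26 21:49:10 gw01 sshd[2201]: Failed password for root from 10.0.0.5 port 4426 ssh2",
    "Apr 26 21:49:12 gw01 sshd[2201]: Failed password for root from 10.0.0.5 port 4427 ssh2",
    "Apr 26 21:51:30 gw01 sshd[2301]: Failed password for root from 10.0.0.5 port 4500 ssh2",
]


def run_sample():
    return correlate(SAMPLE_LINES, [ssh_brute_force_rule()])


if __name__ == "__main__":
    for when, host, desc in run_sample():
        print(when, host, desc)
```

Run as written, the sample yields exactly one alert, at 21:49:10 for 10.0.0.5: the sixth failure two seconds later falls inside the suppression window, the attempt at 21:51:30 starts a fresh count of one, and the single failure from 10.0.0.9 never reaches the threshold. In a deployment the same pattern, desc, window and thresh would go into an SEC rule of type SingleWithThreshold, with syslog-ng handing SEC the stream (for example through a program() destination that runs sec reading standard input); the per-source counters, the sliding window and the post-alert suppression are the state that makes this a correlation rather than a grep, and are the first things a home-grown perl script ends up growing.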

Copyright 2010, SecurityFocus