|
|
Focus on Microsoft
Re: Fwd: Centralizing Event Viewer Logs Feb 01 2008 04:07PM ottobeli82 yahoo com br (1 replies) RE: Fwd: Centralizing Event Viewer Logs Feb 01 2008 05:27PM James Winzenz (James Winzenz Pulte com) (1 replies) RE: Fwd: Centralizing Event Viewer Logs Feb 01 2008 06:25PM Nick Gage (NGage aflac com) (1 replies) RE: Fwd: Centralizing Event Viewer Logs Feb 01 2008 08:32PM James Winzenz (James Winzenz Pulte com) (1 replies) RE: Fwd: Centralizing Event Viewer Logs Feb 02 2008 02:24AM M. Burnett (mb xato net) (2 replies) RE: Fwd: Centralizing Event Viewer Logs Feb 05 2008 06:39PM Hugo Saavedra (hsaavedra widefense com) (1 replies) RE: Fwd: Centralizing Event Viewer Logs Feb 05 2008 10:57PM James Winzenz (James Winzenz Pulte com) (1 replies) Keeping Logs files for how long? Feb 07 2008 05:26PM Petter Bruland (pbruland fcglv com) (1 replies) RE: Keeping Logs files for how long? Feb 07 2008 06:01PM Thor (Hammer of God) (thor hammerofgod com) (1 replies) |
|
Privacy Statement |
I'm working with eTrust Security Command Center (Computer Associates) from a while (on medium and very big enterprises)
i.e. Our environment up to 1000 source (w2k/w2k3/unix/aix/sun/Cisco Acs/SAP) and about 2.5Million logs at day.
If you need just to collect events without a presentation level you can just have eTrust Audit and a MSSQL or Oracle DB.
If you need a presentation level (a singol point of control and access for Log Manger) you must use the entire eSCC suite.
It works well, but it's not the right prodouct if you need to correlate events.in realtime from many different sources.
Bye
R.
--
Riccardo Biassoni Spike Reply S.r.l
www.reply.it r.biassoni (at) reply (dot) it [email concealed] <mailto:r.biassoni (at) reply (dot) it [email concealed]>
________________________________
Da: listbounce (at) securityfocus (dot) com [email concealed] per conto di M. Burnett
Inviato: sab 02/02/2008 3.24
A: 'James Winzenz'; focus-ms (at) securityfocus (dot) com [email concealed]
Oggetto: RE: Fwd: Centralizing Event Viewer Logs
In a lab environment I have seen enVision go as high as 30,000+ sustained
events per second with just one collector. The thing I like best about
envision is the ability to correlate events from multiple devices and make
your own alerts from that. So if you see too many failed logins in too many
workstation event logs all at once you can be alerted.
M. Burnett
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed]
> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of James Winzenz
> Sent: Friday, February 01, 2008 1:33 PM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: RE: Fwd: Centralizing Event Viewer Logs
>
> If we want to start comparing enterprise products, you need to add RSA
> enVision to the list. The system is completely scalable in terms of
> how many events per second it can handle. We have an older HA series
> appliance, which can handle 7500 events per second sustained, with
> burst up to 9750. Newer enterprise level appliances from RSA enVision
> are simply limited by the number of collectors you purchase, with each
> collector capable of 10,000 sustained events per second. Can you tell
> I am biased? I love the features it has - enterprise reporting,
> alerting, ability to collect from windows, syslog, IIS, SQL, Oracle,
> and lots others. We haven't even tapped the potential of our system
> and we are loving what we can do with it. Of course, once you get into
> these products, you are talking about several hundred thousand dollars.
> Not for your average Small-medium sized business.
>
> James Winzenz
> Infrastructure Engineer - Security
> Pulte Homes Information Services
>
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed]
> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Nick Gage
> Sent: Friday, February 01, 2008 11:26 AM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: RE: Fwd: Centralizing Event Viewer Logs
>
> Check out Loglogic http://www.loglogic.com <http://www.loglogic.com/>
>
> It will handle up to 4000 mps sustained and can handle spikes up to
> 30000 mps.
>
>
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed]
> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of James Winzenz
> Sent: Friday, February 01, 2008 12:28 PM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: RE: Fwd: Centralizing Event Viewer Logs
>
> IMHO, you get what you pay for.
>
> Are you referring to this product?
> http://sourceforge.net/projects/eventlogmonitor/
>
> If so, it looks like it can only deal with windows logs. That is not
> going to get you very far. If you want to know what is going on within
> your network, you really need something that can handle syslog messages
> as well (routers, firewalls, etc.).
>
> Although not pertinent to the product you mentioned, I remembered
> reading on GFI's website about their event log management product.
> They were *boasting* that their collector could handle up to 6 million
> events per hour. That boils down to a paltry 1667 events per second,
> which is absolutely pathetic. A couple of core routers/firewalls could
> easily overwhelm this.
>
> James Winzenz
> Infrastructure Engineer - Security
> Pulte Homes Information Services
>
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed]
> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of
> ottobeli82 (at) yahoo.com (dot) br [email concealed]
> Sent: Friday, February 01, 2008 9:08 AM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Re: Fwd: Centralizing Event Viewer Logs
>
> Is there someone who already tried the product SB Eventlog Monitor?
>
> I´m thinking about starting some tests in my network (all windows, 2000
> machines) centralizing all the logs in one server, but I would like to
> hear from you any kind of experience with this product.
>
> I would like to know how the product behaves concerning network
> traffic, manageability and event correlation.
>
> CONFIDENTIALITY NOTICE: This email may contain confidential and
> privileged material for the sole use of the intended recipient(s). Any
> review, use, distribution or disclosure by others is strictly
> prohibited. If you have received this communication in error, please
> notify the sender immediately by email and delete the message and any
> file attachments from your computer. Thank you.
>
> CONFIDENTIALITY NOTICE: This email may contain confidential and
> privileged material for the sole use of the intended recipient(s). Any
> review, use, distribution or disclosure by others is strictly
> prohibited. If you have received this communication in error, please
> notify the sender immediately by email and delete the message and any
> file attachments from your computer. Thank you.
--
The information transmitted is intended for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.
[ reply ]