[logs] Open Source centralized log management/SIEM solutions (2010-04-26, Youngquist, Jason R. (jryoungquist ccis edu), 2 replies)
    RE: [logs] Open Source centralized log management/SIEM solutions (2010-04-27, Starks, Michael (Michael Starks atosorigin com))
    RE: [logs] Open Source centralized log management/SIEM solutions (2010-04-26, Sandy Bird (sandy bird Q1Labs com), 2 replies)
        RE: [logs] Open Source centralized log management/SIEM solutions (2010-04-26, Kevin Reiter (KReiter insidefsi net))
        Re: [logs] Open Source centralized log management/SIEM solutions (2010-04-26, Harry Hoffman (hhoffman ip-solutions net), 1 reply)
            RE: [logs] Open Source centralized log management/SIEM solutions (2010-04-27, Soldatov, Sergey V. (SVSoldatov tnk-bp com))

[logs] Fwd: Simple Log Review Checklist out (2010-03-22, Anton Chuvakin (anton chuvakin org))
    All, Somehow I completely forgot about this mailing list when I released this checklist, but here it is: The log cheat sheet presents a checklist for reviewing critical system, network and security logs when responding to a security incident. It can also be used for routine periodic log review. Y [ more ]

RE: [logs] Difficulty downloading sample log files (2010-02-08, Batchu, Arun (arun batchu verizonbusiness com))
    Dan, Thank you! -----Original Message----- From: Daniel Cid [mailto:dcid (at) ossec (dot) net [email concealed]] Sent: Monday, February 08, 2010 9:28 AM To: Batchu, Arun Cc: loganalysis (at) loganalysis (dot) org [email concealed] Subject: Re: [logs] Difficulty downloading sample log files Hey, You can get lots of log samples from here too: http://www. [ more ]

[logs] logsurfer: test config file: ´.*´ - - - 0 exec "/bin/echo $0" (2009-10-29, J4 (junk4 klunky co uk))
    Dear all log analysers, I compiled & installed logsurfer1.5b from Source Forge. The logsurfer man page states that when I use a configuration file containing this line then all stdin ought to be sent to stdout. ´.*´ - - - 0 exec "/bin/echo $0" Just to check that echo is there, # which echo /bi [ more ]

[logs] Send windows log events to syslog (2009-10-16, ron dilley (ron dilley gmail com))
    List, I needed to add support for Unicode in my simple login tracker. While poking around in the source, I added a few more features to make it a bit easier to use. If you have a small, medium or large Windows environment, you probably struggle with mapping actions in your firewalls or IDS logs bac [ more ]

[logs] Windows Log Analysis (2009-10-08, chris misztur (chrismisztur yahoo com), 1 reply)
    I've put this project off to the side since mid-2008 but I'm back at it (http://sync-io.net/go/blog/2008/06/18/EventCollectorSubscribingHTTPXP2003ClientsPost1.aspx). I've been thinking up ways to utilize Windows Event Collector (http://msdn.microsoft.com/en-us/library/bb427443(VS.85).aspx) to colle [ more ]

[logs] ASDIC traffic log monitor for GNU/Linux released (2009-05-29, Mikael Kuisma (kuisma ping se))
    Hello list, We at Ping have just released our traffic log monitoring & analysis tool ASDIC for the GNU/Linux platform. You find it at http://www.ping.se/ASDIC/Overview It should install on most Debian-based (64bit Intel) distributions (e.g. Ubuntu), but since this is the very first GNU/Linux di [ more ]

[logs] OSSEC v2.0 released (2009-03-03, Daniel Cid (dcid ossec net))
    Hi list, The OSSEC team is pleased to announce the general availability of OSSEC version 2.0. This new version is the first one with support for agentless monitoring and includes many other new features and bug fixes: *Compiled Rules - Per popular demand, we are introducing the capability in [ more ]

[logs] CanSecWest 2009 Speakers and Dojo courses (Mar 14-20) (2009-02-16, Dragos Ruiu (dr kyx net))
    Final Speaker Lineup for CanSecWest 2009 (March 18-20): =============================================== The Smart-Phones Nightmare - Sergio 'shadown' Alvarez Getting into the SMRAM: SMM Reloaded - Loïc Duflot Network design for effective HTTP traffic filtering - Jeff "rfp" Forristal, Zscaler N [ more ]

[logs] Log Analysis and Visualization Workshop (2009-01-28, Raffael Marty (rmarty splunk com))
    I am teaching a workshop on "Log Analysis and Security Visualization" on March 9th and 10th in Boston, as part of SOURCEBoston. Sign-up now: http://www.sourceconference.com/index.php/source-boston-2009/boston-2009-training Do you have piles of logs lying around? Do you know what your machine [ more ]

[logs] Picviz 0.4 released (2008-10-27, Sebastien Tricaud (stricaud inl fr))
    Picviz 'Needle 24/7' 0.4 is *out*. NEWS ==== I will give a lecture on Picviz for the upcoming Usenix Workshop on the Analysis of System Logs (WASL 08) in San Diego. This is a good opportunity to meet and learn what you can do with Picviz. More information available on the conference website: http [ more ]

[logs] syslog-ng windows agent question (2008-10-21, Patrick Hull (nethead69 gmail com))
    We are evaluating some options/products for sending Windows event and other logs to our syslog-ng servers. When running the Windows syslog-ng agent, we are seeing 2 issues: - Multiple events per line are being generated from the windows agent, lines are terminated, and continued on the next line. [ more ]

RE: [logs] FW: Query on NTSyslog for vista (2008-10-17, Erik Norman (erik norman datagram se))
    Jebaraj, I'll try to answer your questions: Q1) NTSyslog depended on .NET (2.0). Has this dependency been removed from SyslogAgent? Or has it been included as part of the Setup for syslogagent? A: NTSyslog was made a long time ago, in standard C code. SyslogAgent is written in C and C++ i [ more ]

[logs] Time for another discussion? (2008-10-08, Anton Chuvakin (anton chuvakin org))
    All, Not to self-promote, but to launch a possibly fun discussion: http://www.slideshare.net/anton_chuvakin/grand-challenges-of-log-management-presentation Best, -- Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA http://www.chuvakin.org http://chuvakin.blogspot.com http://www.info-secure.org [ more ]

[logs] FW: Query on NTSyslog for vista (2008-09-29, Tina Bird (tbird precision-guesswork com), 2 replies)
    _____ From: mailman-bounces (at) loganalysis (dot) org [email concealed] [mailto:mailman-bounces (at) loganalysis (dot) org [email concealed]] On Behalf Of Daniel Jebaraj-JDANIEL1 Sent: Friday, September 26, 2008 9:46 AM To: loganalysis-owner (at) loganalysis (dot) org [email concealed] Subject: Query on NTSyslog for vista Hi There, I have been looking at using NTSy [ more ]
    RE: [logs] FW: Query on NTSyslog for vista (2008-09-30, Erik Norman (erik norman datagram se), 2 replies)
        RE: [logs] FW: Query on NTSyslog for vista (2008-10-16, Daniel Jebaraj-JDANIEL1 (JDANIEL1 motorola com))
        RE: [logs] FW: Query on NTSyslog for vista (2008-09-30, Daniel Jebaraj-JDANIEL1 (JDANIEL1 motorola com))

[logs] Call for SNORT raw logs (2008-09-29, Stefano Zanero (zanero elet polimi it))
    Hi all, in order to test a couple of systems, I would really need a bunch of Snort raw logs in any format, anonymized in the way you prefer. I can use my own but that would hardly be a general or conclusive test... so if anybody can contribute I'll be obliged :) -- Kind regards, Stefano Zaner [ more ]

[logs] Picviz 0.3 released (2008-09-20, Sebastien Tricaud (stricaud inl fr))
    Picviz 'good coffee' 0.3 is *out*. ...to have a good coffee, we must filter it! What is Picviz? ================ Picviz is a parallel coordinates plotter, written to help people find a needle in a haystack when dealing with numerous events on their system and struggling to maintain an acceptab [ more ]

[logs] OSSEC v1.6 released (2008-09-02, Daniel Cid (dcid ossec net))
    Hi list, The OSSEC team is pleased to announce the general availability of OSSEC version 1.6. OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. It runs [ more ]
Specifically, I'm looking for:
--scalability - must be able to handle hundreds of log sources - majority being servers and network devices
--good searching
[ more ]