[logs] Problem with Cisco message documentation
2007-11-27 Tina Bird (tbird precision-guesswork com) (1 replies)
Hi all -- I'm not clear on where to send this question within Cisco's normal support channels, so I'll take advantage of the various Cisco employees and VARs on this list to try to answer my question (or give me an idea of where to direct it). I am making a list of PIX/ASA log messages related to

[logs] Administrivia: spam reduction measures
2007-11-22 Tina Bird (tbird precision-guesswork com)
Hi all -- Before I migrated the list to its new server, I used the "must be a member to post" requirement to keep the amount of spam at a minimum. Since the move in February, we've had that *disabled*, to help people who didn't realize that the hosting server had changed, as well as to be sure we h

[logs] UDP/TCP load balancer recommendations
2007-11-20 Steve Bernacki (loganalysis f copacetic net) (3 replies)
My organization is about to embark on a project to fortify our log capture and analysis infrastructure. One item that I've identified as being necessary is a load balancer to spread the incoming message stream (primarily syslog/udp) across our back-end syslog-ng receivers. In the past we have

Re: [logs] UDP/TCP load balancer recommendations
2007-11-20 Marcin Antkiewicz (loganalysis kajtek org)

[logs] New LinkedIn Group created: Log Analysis Professionals
2007-11-19 Andrew Hay (andrewsmhay gmail com)
Hello All, I know that a few of us are already on LinkedIn so I thought I'd share a newly created Log Analysis Professionals group with everyone. If you deal with events and logs on a day to day basis (in any capacity) then this is the group for you :) Please use the following link to submit your

[logs] Log Monitoring and Device Management
2007-11-19 saudi sans (saudisans gmail com) (1 replies)
Hi, We have currently outsourced security device[firewall, IDS and VPN] log monitoring to a service provider. Now we need to outsource the management of these devices like changing firewall rulebase, updating firewall patches, fine tuning IDS signatures etc. Is it advisable to give this also to

[logs] CanSecWest 2008 CFP (deadline Nov 30,conf Mar 26-28) and PacSec Dojo's
2007-11-09 Dragos Ruiu (dr kyx net) (1 replies)
I'd like to congratulate Adam Laurie for winning the second Powerbook from the Pwn_to_Own contest as the prize for the best speaker rated by the audience for his presentation on RFID at CanSecWest 2007. We will have a similar prize for the best speaker at CanSecWest 2008, prize TBD (but we promise i

[logs] How to log - commands and file access
2007-11-09 david bigot devoteam com (6 replies)

RE: [logs] How to log - commands and file access
2007-11-12 Kurt Buff (KBuff zetron com) (1 replies)

RE: [logs] How to log - commands and file access
2007-11-13 David Corlette (dcorlette novell com) (1 replies)

Re: [logs] How to log - commands and file access
2007-11-12 Mike Blomgren (mike blomgren tornado se) (1 replies)

Re: [logs] How to log - commands and file access
2007-11-09 Anton Chuvakin (anton chuvakin org) (2 replies)

Re: [logs] How to log - commands and file access
2007-11-10 James Turnbull (james lovedthanlost net)

FW: [logs] "Missing" Microsoft Event Log events
2007-11-05 Tina Bird (tbird precision-guesswork com)
> The Events and Errors message center is not updated regularly
> (it's interrupt-driven, not polling). It is also possible
> that the Certificate Server events were never delivered to
> EEMC; in the source code they are in a separate file than the
> other security event log events and might h

[logs] OSSIM and/or OSSEC-HIDS
2007-10-31 Brian Bemis (brian_bemis hotmail com)
I've been interested in expanding our log analysis capabilities and have come across a number of promising open-source projects out there, but I'm a little confused as to what each one does and doesn't do. The 2 most popular seem to be OSSIM and OSSEC-HIDS (I've also run across OpenSIMS as well). I

[logs] dns server as a db lookup
2007-10-31 anthony spina (aspina gmail com)
Check out my post here : http://ipintel.blogspot.com/2007/10/2-perl-modules-and-15-database.html In summary, In an effort to fill the void of all the failed reverse lookups in my log analysis tool, I wrote a simple perl script that implements a nameserver, allowing me to pass custom results, which

[logs] In Memoriam: Jun-ichiro Hagino
2007-10-30 Dragos Ruiu (dr kyx net)
With great sadness, I regret to inform you that Itojun will not be presenting his great knowledge of IPv6 at PacSec. I have been informed by several sources that he passed away yesterday. Funeral services will be held on Nov 7th at Rinkai-Saijo in Tokyo. There aren't many details of his passing,
regarding syslog load balancing.
I'm currently researching how to best implement a high-performance, high
volume syslog aggregation. In our current environment, we have many
devices logging to a small set of "front end" syslog agg