[logs] OSSIM and/or OSSEC-HIDS Oct 31 2007 12:55PM
Brian Bemis (brian_bemis hotmail com)
I've been interested in expanding our log analysis capabilities and have
come across a number of promising open-source projects out there, but I'm a
little confused as to what each one does and doesn't do. The 2 most popular
seem to be OSSIM and OSSEC-HIDS (I've also run across OpenSIMS as well). I
was hoping to get people's opinions of the two (or any other similar open
source tools they may be using). Currently we're using a combination of
Syslog-ng and SNARE (for our MS boxes) for log transmission, Swatch for
real-time alerting, and Splunk for general log management and indexing. I'm
hoping to expand this to include more robust log correlation and reporting.
How have people's experiences been with either OSSIM or OSSEC-HIDS? Is one a
lot better than the other (or are they even comparable... do they do
completely different things)? Can they be used in conjunction with
each other? Any help or advice would be greatly appreciated.


LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org
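The kind of cross-source correlation the post is asking for (beyond Swatch's single-line pattern matching) can be sketched without either OSSIM or OSSEC. The following is an added example, not code from the original post or from any of the projects it names. It normalises two of the feeds Brian mentions, syslog-ng sshd lines from a Linux host and SNARE-forwarded Windows security events, into one event stream and applies a simple stateful rule: three or more failed logons from one source address within ten minutes, followed by a successful logon from that same address, on any host. The sample log lines are constructed; the SNARE layout (tab-separated, hostname first, "MSWinEventLog" second, date in field 6, event ID in field 7) and the Windows 2003 event IDs 529 (logon failure) and 528 (successful logon) are assumptions for the example, as is the year used to complete the year-less syslog timestamps.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# --- Constructed sample input (not real logs) ---------------------------------
# Lines 1-2: syslog-ng relayed sshd messages from host web1.
# Lines 3-4: simplified SNARE-style Windows security events from host dc1
#            (assumed field order: host, "MSWinEventLog", criticality, log name,
#            counter, date, event id, source, user, SID type, type, computer,
#            category, data, expanded description, checksum).
# Line 5:    a benign successful ssh login from a different address.
SAMPLE_LINES = [
    "Oct 31 12:50:01 web1 sshd[2231]: Failed password for root from 10.0.0.7 port 51002 ssh2",
    "Oct 31 12:50:05 web1 sshd[2231]: Failed password for invalid user admin from 10.0.0.7 port 51003 ssh2",
    "\t".join(["dc1", "MSWinEventLog", "1", "Security", "120", "Wed Oct 31 12:52:10 2007",
               "529", "Security", "administrator", "User", "Failure Audit", "DC1",
               "Logon/Logoff", "", "Logon Failure: Reason: Unknown user name or bad password "
               "Source Network Address: 10.0.0.7 Source Port: 1044", "42"]),
    "\t".join(["dc1", "MSWinEventLog", "1", "Security", "121", "Wed Oct 31 12:53:10 2007",
               "528", "Security", "administrator", "User", "Success Audit", "DC1",
               "Logon/Logoff", "", "Successful Logon: Logon Type: 10 "
               "Source Network Address: 10.0.0.7 Source Port: 1045", "43"]),
    "Oct 31 12:55:00 web1 sshd[2299]: Accepted publickey for alice from 10.0.0.9 port 40000 ssh2",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)")
IP_RE = re.compile(r"Source Network Address:\s*(\d+\.\d+\.\d+\.\d+)")
WIN_FAIL, WIN_SUCCESS = "529", "528"   # assumed Windows 2003 security event IDs


def parse_line(line, year=2007):
    """Normalise one log line into (timestamp, host, source_ip, outcome), where
    outcome is "fail" or "success". Returns None for lines the rule ignores.
    `year` completes syslog timestamps, which carry no year (assumed 2007 here)."""
    m = SYSLOG_RE.match(line)
    if m:
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        return ts, m["host"], m["ip"], "fail" if m["outcome"] == "Failed" else "success"
    fields = line.split("\t")
    if len(fields) > 6 and fields[1] == "MSWinEventLog":
        ipm = IP_RE.search(line)
        if fields[6] in (WIN_FAIL, WIN_SUCCESS) and ipm:
            ts = datetime.strptime(fields[5], "%a %b %d %H:%M:%S %Y")
            return ts, fields[0], ipm.group(1), "fail" if fields[6] == WIN_FAIL else "success"
    return None


def correlate(lines, threshold=3, window=timedelta(minutes=10)):
    """Stateful rule: >= threshold failures from one source IP inside `window`,
    followed by a success from that IP on any host, raises one alert.
    Events are sorted first so feeds arriving out of order are still correlated."""
    events = sorted(e for e in (parse_line(l) for l in lines) if e)
    recent_failures = defaultdict(deque)   # source ip -> timestamps of recent failures
    alerts = []
    for ts, host, ip, outcome in events:
        q = recent_failures[ip]
        while q and ts - q[0] > window:    # expire failures older than the window
            q.popleft()
        if outcome == "fail":
            q.append(ts)
        elif len(q) >= threshold:
            alerts.append({"ip": ip, "host": host, "failures": len(q), "at": ts})
            q.clear()                      # one alert per burst, not one per success
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LINES):
        print(f"ALERT {a['at']}: {a['failures']} failures from {a['ip']} then success on {a['host']}")
```

The point of the normalisation step is that the rule never sees "syslog" or "SNARE"; it sees (time, host, source, outcome) tuples, which is also the shape any SIEM's correlation engine works on. Two practical caveats when moving this beyond a demo: clock skew between hosts will silently break time-window rules unless everything is NTP-synced, and the per-source state here is unbounded, so a long-running version needs to expire idle sources, not just old timestamps.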
