
Archive: October 2002 ml@sikurezza.org
Subject: Fwd: RE: syslog management
From: Maurizio Marini
Date: 7 Oct 2002 11:34:21 -0000
Sorry for the delay... someone was asking about a syslog for Windows; I suggest the whole thread on this ML, and this post in particular.

---------- Forwarded Message ----------

Subject: RE: syslog management
Date: Wed, 19 Jun 2002 12:33:30 -0400
From: "Garbrecht, Frederick" <FGarbrecht@ecogchair.org>
To: "'Wang, Jack'" <Wang@Security-Card.com>, focus-ids@lists.securityfocus.com

I use the Winsyslog group of products with success to do everything you've specified in your list. Winsyslog can log to a database or multiple databases or files according to your specifications, and it can alert you in a number of ways (including email), also according to whatever specifications you supply. It records the original source by IP and can also do name resolution if you want, and will timestamp and notify you of the syslog facility and priority settings as well.

The companion product EventReporter can implement syslog reporting of event log activity in Windows systems, so anything that gets sent to the Windows event logs can be sent to your central syslog daemon. Monilog can go through your collected Winsyslog datafiles and produce reports for you as well. Personally, we use Monilog for producing quick and dirty reports, and MS Access for doing more complex analysis of the datafiles. One limitation of Monilog at this point is that it produces reports from syslog messages sent by EventReporter only; therefore, if you have routers, etc. that you are collecting from, you'll need another way to analyze them (using an external database is how I do it).

I have no affiliation with Adiscon; just a happy user. I think they've put together a really nice suite of programs that work well and fill a niche in the Windows world that is otherwise poorly represented. I've also used Kiwi, which I also like, but the suite of programs from Adiscon has more overall capability and is easier to set up quickly (at least in my fumbling hands).
Best,
Fred Garbrecht

-----Original Message-----
From: Wang, Jack [mailto:Wang@Security-Card.com]
Sent: Wednesday, June 19, 2002 11:05 AM
To: focus-ids@lists.securityfocus.com
Subject: syslog management

Hi all:

Is there good software to manage the huge amount of syslog generated by network equipment, IDS etc.? I have tested Kiwi syslog, Winsyslog, syslogd.exe etc. In my opinion, the ideal one should be as follows:

- able to classify the log according to source
- able to save into a file (.txt, or db)
- able to set up the rows of display
- able to send email messages

Any further comments will be appreciated.

Best Regards,
Jack

-------------------------------------------------------

--
Maurizio Marini
GSM +39-335-8259739
Altamura: +39-080-3105228 Fax +39-080-3105228
Pesaro: +39-0721-54277 Fax +39-0721-415055
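The requirements Jack lists (classify by source, store to file or database, alert by e-mail) and the facility/priority decoding Fred describes, as an added Python example that is not from this thread or from any of the products named: the core of a collector that decodes the BSD syslog (RFC 3164) PRI field, classifies datagrams by the sending IP and flags alert-worthy severities. The sample messages are constructed; the threshold and field names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample datagrams (source IP, payload) as a Windows event forwarder
# or a router might send them to a central collector. Not real log data.
SAMPLE_MESSAGES = [
    ("10.0.0.5", "<134>Jun 19 11:05:01 winhost EventReporter: Security/528 logon success user=jack"),
    ("10.0.0.5", "<131>Jun 19 11:05:07 winhost EventReporter: System/7034 service Spooler terminated"),
    ("10.0.0.1", "<188>Jun 19 11:06:00 router1 %SEC-4-IPACCESSLOGP: list 101 denied tcp 10.0.0.9 -> 10.0.0.5"),
    ("10.0.0.1", "no PRI field here; the collector must count it, not crash"),
]

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALERT_THRESHOLD = 4  # assumption: severity 0..4 (emerg..warning) goes to the notifier

# <PRI>TIMESTAMP HOSTNAME MESSAGE, timestamp "Mmm dd hh:mm:ss" with a space-padded day
LINE_RE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")


def parse_line(source_ip, line):
    """Decode one datagram into a record, or return None if it is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # PRI = facility * 8 + severity, facility 0..23
        return None
    facility, severity = divmod(pri, 8)
    return {
        "source": source_ip,  # classify on the peer address, not the self-reported HOSTNAME
        "timestamp": m.group(2), "host": m.group(3),
        "facility": FACILITIES[facility], "severity": SEVERITIES[severity],
        "severity_num": severity, "msg": m.group(4),
    }


def collect(messages):
    """Group records by source IP; return (by_source, alerts, malformed_count)."""
    by_source, alerts, malformed = defaultdict(list), [], 0
    for source_ip, line in messages:
        rec = parse_line(source_ip, line)
        if rec is None:
            malformed += 1  # keep a count: a flood of junk is itself worth noticing
            continue
        by_source[rec["source"]].append(rec)  # one list (or file/table) per source
        if rec["severity_num"] <= ALERT_THRESHOLD:
            alerts.append(rec)  # hand these to the e-mail notifier
    return dict(by_source), alerts, malformed
```

Each per-source list maps directly onto the "save into a file or db" requirement (one file or table per key), and the alerts list is what an e-mail notifier would consume.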
www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005