Security Basics mailing list archives

RE: syslog


From: "R. Maheswaran" <MaheswaranR () catsglobal co in>
Date: Sat, 25 Sep 2004 01:30:09 +0530

For the same kind of environment, I am using Computer Associates eTrust
Audit integrated with Security Command Center for easy event management
and consolidation of logs + administration of all the security
infrastructure from one web-based console.

eTrust Audit addresses these requirements with a superior 
audit collection mechanism that can marshal a wide range of 
audit trail data from a diverse set of systems, applications and 
appliances. In addition, eTrust Audit lets you create and manage 
a centralized policy regarding the retention of this valuable 
information and also provides the following: 
* Consolidated views of the audit information collected 
* Versatile reporting
* Highly customizable support for creating policies that can be 
used to initiate alert or other actions in response to events 
* Integration with Unicenter® Event Management 
* Integration with the eTrust(tm) Security Command Center 
* Monitor Your Enterprise With Our Leading Auditing Tool

With eTrust Audit, you can collect security event data from a 
wide range of sources throughout your enterprise, such as the 
following: 
* UNIX servers 
* Windows NT servers 
* Windows 2000 servers 
* Web servers 
* eTrust open systems products 
* eTrust mainframe security products such as eTrust(tm) 
CA-ACF2® Security and eTrust(tm) CA-Top Secret® Security 
* IBM mainframe security products such as RACF 
* And other sources as well 
Plus, eTrust Audit stores this information in a central database 
for easy access and reporting. 
Administrators use eTrust Audit to monitor, respond to alerts, 
and create reports for historical and forensic analysis. Most 
importantly, administrators can collect the audit information 
created by the diverse set of security tools in the enterprise, so 
that they can reference a single source to support the important 
tasks of security analysis (sometimes referred to as analytics) 
required to effectively monitor and manage security in the 
enterprise. 

Mahesh 



-----Original Message-----
From: Anich, Ryan L
To: 'Tran, Nhon'; security-basics () securityfocus com
Sent: 9/24/2004 6:50 PM
Subject: RE: syslog

I am not sure how in depth you are planning to go with your strategy, but
this is what I am looking at for a solution for my company.

http://www.arcsight.com/

 

-----Original Message-----
From: Tran, Nhon [mailto:Nhon.Tran () logicacmg com] 
Sent: Monday, September 20, 2004 2:36 AM
To: security-basics () securityfocus com
Subject: syslog

Hi all
One of the companies I support wants to implement a syslog strategy for all
their infrastructure devices: Unix boxes, Windows servers, Cisco comms
devices. To hopefully capture all the logs, we're talking about lots of
logs; their domain servers log about 300K items a day! Unix boxes log
heaps too, about 70K per day per server! They have around 80 Unix servers,
120 Windows servers and about 150 comms devices. Any idea what the best way
to go about this would be? Also, any suggestions of what log analysis
software to use?
Nhon


---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
---------------------------------------------------------------------------


