Re: Log Management

[Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>]

We use and I'd recommend you certainly look at the Nitrosecurity solution
for centralized log management.  It's very fast, powerful with a lot under
the hood for the techies, excellent presentation of information, but is
quite easy to deploy.  

Feel free to contact me off-list if you'd more details.

Thanks,

Dexter Caldwell
Information Security Administrator
Computing & Information Services
Furman University
3300 Poinsett Hwy
Greenville, SC 29613
email: dexter.caldwell () furman edu
office: 864-294-3566
facsimile: 864-294.3001

The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> writes:
> I am looking to see what other institutions are using to manage their
> event/system log files.  
>
> Currently I have Snare installed on our Windows servers and sending the
> events to a syslog server.  That server originally had Prelude IDS
> installed and I was using Prewikka to view the logs as needed.  The
> problem with Prelude IDS/Prewikka is that accessing the database is
> painfully slow unless you purchase the database module for fast access.
> The other option I tested was Splunk which I liked, but because it
> access Windows systems using WMI it looked like the some of the Windows
> virtual machines took a performance hit (according to our Technical
> Director).  Right now, I query the logs on the syslog server using
> customized Perl scripts whenever an information request is made.  We are
> making some changes to our environment and would like to get something
> setup that is a little better than using Perl scripts on the CLI.  
>
> Stanley M. Hammond
> Information Security Specialist
> Cape Cod Community College
> Email: shammond () capecod edu