Educause Security Discussion mailing list archives

Re: Event Log Monitoring - Recommendations


From: Greg Williams <gwillia5 () UCCS EDU>
Date: Thu, 25 Apr 2013 15:19:34 +0000

Greg, for strictly log management I would recommend Splunk.   We put our Splunk deployment in place last year.  The 
goal wasn't event correlation, it was log management so we weren't really looking at a SIEM, such as QRadar, Nitro, 
ArcSight, etc.

I put together a log management policy and matrix before I started looking at products.  It helped narrow down the 
products before we started getting bids.  I can email it to you if you are interested.

Greg Williams
IT Security Principal
University of Colorado at Colorado Springs
Website: http://www.uccs.edu/itsecure
greg.williams () uccs edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Schmalhofer
Sent: Thursday, April 25, 2013 9:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Event Log Monitoring - Recommendations

We do not currently have any product for event log and/or system log monitoring, reporting, and alerting, but are about 
to begin the process of reviewing various products to see what might be the best fit for our environment, needs, and 
budget (small). We are a mix of Windows (AD), HP Unix, and Linux servers with Exchange and Oracle. Please let me know if 
you are able to recommend any product or solution for monitoring logs and providing various reporting and alerting. At 
the recent Educause Security Professionals Conference several individuals had recommended QRadar. Any thoughts or 
feedback on these products and/or any others would be greatly appreciated.


- QRadar (Q1Labs)
- What's Up Log Management Suite (IPswitch)
- GFI Events Manager (GFI)
- Event Log Analyzer (ManageEngine)
- StealthWatch (Lancope)
- Others

Thanks for any and all feedback!

Thanks,
Greg

Greg Schmalhofer
Information Security Coordinator
Millersville University

