Hi folks, In the company where i work, we are implementing a security standard. A part of this is a log monitoring and reporting software. There are a few requirements, that the software must fulfil: - It must be capable of collecting logs from different devices (Linux machines, network equipment, ...). - it must be capable of sending alarms on security events - it has to generate daily (weekly, monthly) reports - it's a plus if it is easy configurable - it has to have a good support or at least a good community if it is an opensource product So what are you using or at least some recommendations would be nice. An opensource product would be nice, but it's not required. I know i could google it, but it's difficult to decide for a product just from online and marketing presentations. It would be nice to get some real world experience. Thanx -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20110303/8253f007/attachment-0002.html>
On 03/03/11 1:12 AM, Janez Kosmrlj wrote:> Hi folks, > In the company where i work, we are implementing a security standard. > A part of this is a log monitoring and reporting software. There are a > few requirements, that the software must fulfil: > - It must be capable of collecting logs from different devices (Linux > machines, network equipment, ...). > - it must be capable of sending alarms on security events > - it has to generate daily (weekly, monthly) reports > - it's a plus if it is easy configurable > - it has to have a good support or at least a good community if it is > an opensource productNagios can probably do all of that. I dunno what you want in those daily/weekly/monthly reports. how many times people logged on and stuff? how many noise packets at your network gateways? the key to any of these systems is configuring the agents to collect the data you want, and deciding whats a security event worthy of an alarm. whether its a commercial system or freeware, you'll be spending a lot of time on that.
On 3/3/11 3:12 AM, Janez Kosmrlj wrote:> Hi folks, > In the company where i work, we are implementing a security standard. A part of > this is a log monitoring and reporting software. There are a few requirements, > that the software must fulfil: > - It must be capable of collecting logs from different devices (Linux machines, > network equipment, ...). > - it must be capable of sending alarms on security events > - it has to generate daily (weekly, monthly) reports > - it's a plus if it is easy configurable > - it has to have a good support or at least a good community if it is an > opensource product > > So what are you using or at least some recommendations would be nice. An > opensource product would be nice, but it's not required. > > I know i could google it, but it's difficult to decide for a product just from > online and marketing presentations. It would be nice to get some real world > experience.OpenNMS is a good snmp monitoring framework with notification/reporting. It doesn't 'collect' logs but you can configure it to receive syslog from other machines and there are a variety of other ways you can pick up data. I'm not sure I'd call it easy to configure, but there are examples on their wiki. http://www.opennms.org -- Les Mikesell lesmikesell at gmail.com
2011/3/3 Janez Kosmrlj <postnalista at googlemail.com>:> Hi folks, > In the company where i work, we are implementing a security standard. A part > of this is a log monitoring and reporting software. There are a few > requirements, that the software must fulfil: > - It must be capable of collecting logs from different devices (Linux > machines, network equipment, ...). > - it must be capable of sending alarms on security events > - it has to generate daily (weekly, monthly) reports > - it's a plus if it is easy configurable > - it has to have a good support or at least a good community if it is an > opensource product > > So what are you using or at least some recommendations would be nice. An > opensource product would be nice, but it's not required. > > I know i could google it, but it's difficult to decide for a product just > from online and marketing presentations. It would be nice to get some real > world experience.syslog + ossec (www.ossec.net) is usually used in high security environments. -- Eero