It's not that hard to set up a syslog-ng/rsyslog server to simply collect logs.
If you want to "detect" bad things via the log, check out the Sagan log
analysis engine. If you're familiar with Snort, then you already know Sagan
(basically). That project is at http://sagan.quadrantsec.com

> Unfortunately I can't give too much away as it is part of a
> commercial project, at the moment they just want me to evaluate how
> easy it is to set up and then gain an idea of how much data is
> generated each day.
>
> I'll have a look at OSSEC as well but I think from what I've been
> told that a simple syslog server with Snare to grab logs from
> Windows will do what they want.
>
> Robin

-- 
Champ Clark III ([email protected])
Quadrant Information Security (http://quadrantsec.com)
Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
GPG Key ID: 0381878A

_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
