www.psionics.com LogWatch comes in handy, it's easy to add "flags" for
things that you may want to watch out for (but you should have to add any)
and it's very very tweakable so you only get info you need.  It works great
if you team it up with their HostSentry and PortSentry programs...it's a free
solution too. It's helped me out a lot, I use it whenever I can.

But yeah, Perl can help you with almost anything you can think of.

If you are new to Perl, check out some of the O'Reilly books, they're great.

Florian Hines
Senior Consultant
X-Caliber Consulting & Security
San Antonio, TX

-----Original Message-----
From: Chris Berry [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 11, 2002 7:09 PM
To: [EMAIL PROTECTED]
Subject: Re: Security Information Management


<ancient oriental advisor mode>
You must become strong in the ways of Perl my son, only when your code is
pure will you master the way of having vision without looking.
</ancient oriental advisor mode>

Seriously though, nearly all of the systems you mentioned produce text-based
log files; a combination of Perl scripts to harvest the data and
Crystal Reports to present it is probably what you're looking for, unless
you want an "integrated" solution where the management is built in to some
sort of centralized command console, in which case I can't help you.

>From: "netsec novice" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Security Information Management
>Date: Fri, 11 Oct 2002 19:18:03 +0000
>
>I'm going through a somewhat overwhelming evaluation for a SIM solution for
>our company.  We have several UNIX (AIX) servers, 35+ NT/2000 servers,
>SNORT IDS, possible commercial IDS in the future, Command anti-virus,
>CheckpointFW, CISCO basic router IDS, Cisco VPN concentrator, 8 cisco
>routers and 10 cisco switches.  NetForensics looks pretty strong but all of
>them have a pretty hefty price tag.  I'm looking for any of you out there
>who could recommend solutions based on your experience.  I will need to
>provide management with reports of incidents and activity (justify my job
>and other security expenditures).  I'm looking for something that makes
>managing all of these sets of information somewhat less daunting and that
>is somewhat intuitive to use.
>
>Thanks




Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates

"I have found the way, and the way is Perl."

