I just got this information:
The log analysis tool will be used for various firewalls (Fortinet, SonicWall, PIX, etc.)
My boss wants me to know if the tool can handle these requirements.
________________________________________________________________
* Availability of technical support (ex: 24x7, email, phone, chat, etc.)
* Patching or updating of software: is this included or an additional expense?
* List of Managed Security Service Providers using the software
* Sizing guidelines - what server specs for X number of clients
* For contingency or redundancy purposes, can we mirror the data on another server, and would this entail additional cost?
* Are there steps to back up and restore data in case of a system crash?
* Would it have a capability to have views for different clients?
* Can the reports be exported to a file, and if so, in what formats? PDF, DOC, etc.?
* What reports can be generated:
- # of blocked IPs/Ports
- Source/Dest IP
- IPS, AV, AS report from Fortigate?
- Top Users
- Weekly, Monthly, Daily, historical, etc.
- Others PLEASE EXPLORE
* Would the built-in syslog have an ACL facility to avoid being probed from the public Internet?
* Would it support different logging from various firewall vendors on a single machine?
* Please list down features outside the above
_______________________________________________
LogAnalysis mailing list
LogAnalysis lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/loganalysis