Thread: Event Log Monitor Program




Event Log Monitor Program
user name
2007-09-20 14:11:27
     I'm looking for a good event log program that can
consolidate all my event logs from my servers into one
location. Then I can report on them and such. We purchased
GFI Security Event Log Monitor but we find the program
cumbersome at best and doesn't give you any insight on some
of the event messages that are produced.  I'd like to know
if there is a freeware/opensource solution.  I know GFI has
recently come out with the Successor to SELM called
EventsManager but we'd like to look into some other products
that are out there first.

Any replies would be greatly appreciated.

Thank you,

Adam

Re: Event Log Monitor Program
user name
2007-09-20 16:40:52
Tenable's Log Correlation Engine is one very good
product............not open source though

http://www.nessus.org/products/lce/


On 9/20/07, Adam Savage <Adam_Savageskillsoft.com> wrote:
> I'm looking for a good event log program that can consolidate all my
> event logs from my servers into one location. Then I can report on them and
> such. We purchased GFI Security Event Log Monitor but we find the program
> cumbersome at best and doesn't give you any insight on some of the event
> messages that are produced.  I'd like to know if there is a
> freeware/opensource solution.  I know GFI has recently come out with the
> Successor to SELM called EventsManager but we'd like to look into some other
> products that are out there first.
>
> Any replies would be greatly appreciated.
>
> Thank you,
>
> Adam
>

RE: Event Log Monitor Program
user name
2007-09-20 17:01:59
If you have the money.... (I know you are looking for an
OSS/freeware, but but but) take a look at Splunk.

They have two different licensing models. One if you log
more than 500 MB of data (I think), then you need to
purchase a license. And if you log less than 500 MB of data,
it's free although some features are missing.

Once I get an IT budget again, I'll try to get the pay
version, as it's the best log analysis app I have ever
seen.
Not only can you do Event viewer logs, it can also do IIS
logs, Syslog etc.
We're in the housing market... and currently that's not so
hot :-(

And the alerting feature is very cool, where you can set up
rules to email you if a certain event is logged (guess the
GFI does that too sort of).

Anyway, that's my two cents. Hopefully someone else responds
and tells us that they know of a much better product for
free 


-P 

-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com] On Behalf Of Adam Savage
Sent: Thursday, September 20, 2007 12:11 PM
To: security-basicssecurityfocus.com
Subject: Event Log Monitor Program

     I'm looking for a good event log program that can
consolidate all my event logs from my servers into one
location. Then I can report on them and such. We purchased
GFI Security Event Log Monitor but we find the program
cumbersome at best and doesn't give you any insight on some
of the event messages that are produced.  I'd like to know
if there is a freeware/opensource solution.  I know GFI has
recently come out with the Successor to SELM called
EventsManager but we'd like to look into some other products
that are out there first.

Any replies would be greatly appreciated.

Thank you,

Adam

Re: Event Log Monitor Program
user name
2007-09-20 17:02:16
On each server, I'd place either the Snare client
(http://www.intersectalliance.com - it's open source) or evtsys
(google for it, I don't have the URL handy) - these format the events
and send them out via syslog. To collect the logs, it depends on what
you want to do, but the Kiwi syslog server is free or damn cheap (the
free version won't log to ODBC or do a couple of other useful things,
the pay version will, and last I looked, the pay version was around
US$100.00) and really good, or set up a *nix box (I like FreeBSD).

As a possible alternative, OSSEC might be worth your while.
http://www.ossec.org - it's a HIDS package that seems very
interesting, though I haven't had time to play with it yet.

Kurt

On 9/20/07, Adam Savage <Adam_Savageskillsoft.com> wrote:
> I'm looking for a good event log program that can
> consolidate all my event logs from my servers into one
> location. Then I can report on them and such. We purchased
> GFI Security Event Log Monitor but we find the program
> cumbersome at best and doesn't give you any insight on some
> of the event messages that are produced. I'd like to know if
> there is a freeware/opensource solution. I know GFI has
> recently come out with the Successor to SELM called
> EventsManager but we'd like to look into some other products
> that are out there first.
>
> Any replies would be greatly appreciated.
>
> Thank you,
>
> Adam
>

RE: Event Log Monitor Program
user name
2007-09-21 08:09:55
> I'm looking for a good event log program that can
> consolidate all my event logs from my servers into one
> location.

I've been looking at EventTracker by Prism Microsystems
http://www.eventlogmanager.com/ and the ELM products by TNT
Software http://www.tntsoftware.com/Products/.

I haven't used either, but like what I see from EventTracker.

Roger

-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com] On Behalf Of Adam Savage
Sent: Thursday, September 20, 2007 2:11 PM
To: security-basicssecurityfocus.com
Subject: Event Log Monitor Program

     I'm looking for a good event log program that can
consolidate all my event logs from my servers into one
location. Then I can report on them and such. We purchased
GFI Security Event Log Monitor but we find the program
cumbersome at best and doesn't give you any insight on some
of the event messages that are produced.  I'd like to know
if there is a freeware/opensource solution.  I know GFI has
recently come out with the Successor to SELM called
EventsManager but we'd like to look into some other products
that are out there first.

Any replies would be greatly appreciated.

Thank you,

Adam

Re: Event Log Monitor Program
user name
United States
2007-09-21 01:24:25
Ossec is actually a very good HIDS logging-event notifier.

You can change any log notifications using simple XML rulesets. It is
really easy to configure (server=agent).
All logs you want can be written easily (no APIs). Just simple XML. They
can be sent to any address you specify.

Sometimes there is a problem with simple SMTP because the OSSEC
drivers use their own mailer. This can be a problem if not configured
correctly.

Surely, you can configure your own POP and SMTP.

Excellent for our needs.

Cheers,  Redwolves rule


Kurt Buff wrote:
> On each server, I'd place either the Snare client
> (http://www.intersectalliance.com - it's open source) or evtsys
> (google for it, I don't have the URL handy) - these format the
> events and send them out via syslog. To collect the logs, it
> depends on what you want to do, but the Kiwi syslog server is free
> or damn cheap (the free version won't log to ODBC or do a couple of
> other useful things, the pay version will, and last I looked, the
> pay version was around US$100.00) and really good, or set up a *nix
> box (I like FreeBSD).
>
> As a possible alternative, OSSEC might be worth your while.
> http://www.ossec.org - it's a HIDS package that seems very
> interesting, though I haven't had time to play with it yet.
>
> Kurt
>
> On 9/20/07, Adam Savage <Adam_Savageskillsoft.com> wrote:
>> I'm looking for a good event log program that can consolidate all
>> my event logs from my servers into one location. Then I can
>> report on them and such. We purchased GFI Security Event Log
>> Monitor but we find the program cumbersome at best and doesn't
>> give you any insight on some of the event messages that are
>> produced. I'd like to know if there is a freeware/opensource
>> solution. I know GFI has recently come out with the Successor to
>> SELM called EventsManager but we'd like to look into some other
>> products that are out there first.
>>
>> Any replies would be greatly appreciated.
>>
>> Thank you,
>>
>> Adam
>>
>


Fwd: Event Log Monitor Program
user name
2007-09-21 13:08:00
Hi

Have a look at tier-3 - http://www.tier-3.com/

We are currently looking at their log correlation offering and it
appears pretty good with some nice features such as adding the log
server's time as an extra field (the recorded time is preserved also) -
this makes tracking events across multiple systems much easier if your
implementation of ntp is not perfect.

Cheers

K



-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com] On Behalf Of Roger Onken
Sent: 21 September 2007 14:10
To: security-basicssecurityfocus.com
Subject: RE: Event Log Monitor Program


> I'm looking for a good event log program that can
> consolidate all my event logs from my servers into one
> location.

I've been looking at EventTracker by Prism Microsystems
http://www.eventlogmanager.com/ and the ELM products by TNT
Software http://www.tntsoftware.com/Products/.

I haven't used either, but like what I see from EventTracker.

Roger

-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com] On Behalf Of Adam Savage
Sent: Thursday, September 20, 2007 2:11 PM
To: security-basicssecurityfocus.com
Subject: Event Log Monitor Program

 I'm looking for a good event log program that can
consolidate all my event logs from my servers into one
location. Then I can report on them and such. We purchased
GFI Security Event Log Monitor but we find the program
cumbersome at best and doesn't give you any insight on some
of the event messages that are produced. I'd like to know
if there is a freeware/opensource solution. I know GFI has
recently come out with the Successor to SELM called
EventsManager but we'd like to look into some other products
that are out there first.

Any replies would be greatly appreciated.

Thank you,

Adam
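
Added example (not part of the thread, and not Tier-3's code): a minimal sketch of the extra receive-time field described in the message above, where the collector stamps each syslog line on arrival and keeps the sender's recorded time. The function names, field names and sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 3164-style line: "<PRI>Mmm dd hh:mm:ss host message"
LINE = re.compile(r"<(\d+)>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)")

def stamp(raw, received_at):
    """Keep the sender's recorded time and add the collector's receive time."""
    m = LINE.match(raw)
    if m is None:  # unparseable input is still kept, keyed by receive time only
        return {"received": received_at, "recorded": None, "host": None,
                "msg": raw, "skew_s": None}
    _pri, ts, host, msg = m.groups()
    # The RFC 3164 timestamp has no year or zone: this example assumes the
    # collector's year and UTC.
    recorded = datetime.strptime(f"{received_at.year} {ts}",
                                 "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"received": received_at, "recorded": recorded, "host": host,
            "msg": msg, "skew_s": (recorded - received_at).total_seconds()}

def timeline(events):
    """Order events by the collector's clock, the one clock all events share."""
    return sorted(events, key=lambda e: e["received"])

def skewed_hosts(events, tolerance_s=60):
    """Worst recorded-vs-received offset per host, if beyond the tolerance."""
    worst = {}
    for e in events:
        if e["skew_s"] is not None and abs(e["skew_s"]) > tolerance_s:
            if abs(e["skew_s"]) > abs(worst.get(e["host"], 0)):
                worst[e["host"]] = e["skew_s"]
    return worst

# Constructed sample: db01's clock runs about five minutes slow.
T0 = datetime(2007, 9, 21, 13, 0, 0, tzinfo=timezone.utc)
SAMPLE = [
    ("<38>Sep 21 13:00:00 web01 logon failure for admin", T0 + timedelta(seconds=1)),
    ("<38>Sep 21 12:55:02 db01 logon failure for admin", T0 + timedelta(seconds=2)),
    ("<38>Sep 21 13:00:03 web01 account locked: admin", T0 + timedelta(seconds=3)),
]
EVENTS = [stamp(raw, rx) for raw, rx in SAMPLE]

if __name__ == "__main__":
    for e in timeline(EVENTS):
        print(e["received"].time(), e["recorded"].time(), e["host"], e["msg"])
    print("skewed:", skewed_hosts(EVENTS))
```

Sorting on the recorded time alone would place the db01 event five minutes before the web01 events it actually arrived between; the receive-time field restores the order and the offset flags the host whose clock needs attention.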

File Permission Audit Tool - Windows
user name
2007-09-24 11:44:21
I am looking for an audit tool that will give me a report on
all the file permissions on Windows 2000/2003 servers.   I
will prefer open source but would be willing to look at
commercial software if it is superior.

Any recommendations?

Thanks for your help,




Re: File Permission Audit Tool - Windows
user name
2007-09-25 18:12:45
fileacl.exe. Not open source, but free, and really, really cool.

I use it in a daily batch file to document permissions on my servers.
Doesn't do share permissions, IIRC, but it's a demon at file
permissions.

Kurt

On 9/24/07, Al Cooper <mailhmcnetworks.com> wrote:
> I am looking for an audit tool that will give me a report
> on all the file permissions on Windows 2000/2003 servers.
> I will prefer open source but would be willing to look at
> commercial software if it is superior.
>
> Any recommendations?
>
> Thanks for your help,
>
>
>
>

RE: File Permission Audit Tool - Windows
user name
2007-09-25 18:39:59
dacls.exe in Windows

Dumpsec

and several utilities from www.sysinternals.com 



Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist
*CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada...
*email: roger_grimesinfoworld.com or rogerbanneretcs.com
*Author of Windows Vista Security: Securing Vista Against Malicious Attacks (Wiley)
*http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470101555
*****************************************************************


-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com] On Behalf Of Al Cooper
Sent: Monday, September 24, 2007 12:44 PM
To: security-basicssecurityfocus.com
Subject: File Permission Audit Tool - Windows

I am looking for an audit tool that will give me a report on
all the file permissions on Windows 2000/2003 servers.   I
will prefer open source but would be willing to look at
commercial software if it is superior.

Any recommendations?

Thanks for your help,



