Security Basics mailing list archives

RE: FW/IPS log correlation software
From: "Kevin Ortloff" <Kevin.Ortloff () j2global com>
Date: Fri, 4 Apr 2008 14:59:46 -0700

CS-MARS is a very GREAT tool. I personally have used it at multiple employments and find it to be the best. Plus it has 
some other very useful tools like NetFlow analysis. Also, when you set up the network devices, you can perform ACL 
pushes, shuns, and interface configurations. Automated and on-demand reports. Vulnerability assessment on rogue or 
possibly infected/attacked hosts. And many more....

Although CS-MARS is fairly expensive, if you're looking for another great syslogger, check out Sawmill. It's a really 
good tool as well and has automated reports, stats, etc....

Side note.... You should apply a few filters on acceptable traffic from host --> host on your IPSs. You can also set 
the firewall logs to warnings so you don't get all the built-connection notifications (unless you need/want that). 
This can limit the amount of data that may or may not be necessary.

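The two reductions Kevin describes (keep only warning-and-above from the firewall, and suppress noise from known-acceptable host pairs) can be applied at the central syslog collector before anything reaches the correlation tool. The script below is an added example, not code from the original post or from CS-MARS/Sawmill: it parses the syslog PRI header, drops anything less severe than warning, and suppresses messages whose source/destination pair is on an allow-list. The sample lines are constructed in Cisco ASA style; the `known_pairs` set and the `filter_syslog` function are assumptions for illustration, not a feature of any product named in the thread.

```python
import re
from collections import Counter

# Syslog severity codes (RFC 3164 / RFC 5424): 0 = emergency ... 7 = debug.
WARNING = 4

PRI_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<msg>.*)$", re.DOTALL)
# "iface:a.b.c.d/port" tokens as written by Cisco ASA/PIX style messages.
# The parenthesised NAT copies carry no interface prefix, so they are skipped.
ENDPOINT_RE = re.compile(r"[A-Za-z0-9_-]+:(\d{1,3}(?:\.\d{1,3}){3})/\d+")


def parse_pri(line):
    """Split the <PRI> field into (facility, severity, message).
    Returns None when the line has no valid PRI header."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # 23 facilities * 8 + 7 is the highest legal PRI
        return None
    return pri // 8, pri % 8, m.group("msg")


def endpoints(msg):
    """Return (src_ip, dst_ip) from an ASA-style message, or None."""
    ips = ENDPOINT_RE.findall(msg)
    return (ips[0], ips[1]) if len(ips) >= 2 else None


def filter_syslog(lines, max_severity=WARNING, known_pairs=frozenset()):
    """Return (kept_lines, stats).

    - lines with severity numerically above max_severity are dropped
      (e.g. the informational 'Built ... connection' messages);
    - lines whose (src, dst) pair is in known_pairs are dropped;
    - lines without a parsable PRI are kept and counted, never lost silently.
    """
    kept, stats = [], Counter()
    for line in lines:
        parsed = parse_pri(line)
        if parsed is None:
            kept.append(line)
            stats["kept_unparsed"] += 1
            continue
        _facility, severity, msg = parsed
        if severity > max_severity:
            stats["dropped_severity"] += 1
            continue
        pair = endpoints(msg)
        if pair is not None and pair in known_pairs:
            stats["dropped_known_pair"] += 1
            continue
        kept.append(line)
        stats["kept"] += 1
    return kept, dict(stats)


# Constructed sample input (PRI 160 = local4; 166 = info, 164 = warning, 161 = alert).
SAMPLE_LINES = [
    '<166>Apr  4 14:59:46 fw01 %ASA-6-302013: Built inbound TCP connection 1001 for '
    'outside:203.0.113.5/51000 (203.0.113.5/51000) to inside:10.1.1.10/443 (10.1.1.10/443)',
    '<164>Apr  4 14:59:47 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/51001 '
    'dst inside:10.1.1.10/22 by access-group "outside_in" [0x0, 0x0]',
    '<164>Apr  4 14:59:48 fw01 %ASA-4-106023: Deny tcp src inside:10.1.1.20/40000 '
    'dst dmz:10.1.2.10/8080 by access-group "inside_out" [0x0, 0x0]',
    '<161>Apr  4 14:59:49 fw01 %ASA-1-105005: (Primary) Lost Failover communications '
    'with mate on interface failover',
    'Apr  4 14:59:50 fw01 line with no PRI header at all',
]

# Host pair whose traffic is already known and accepted; its denies are noise here.
KNOWN_PAIRS = frozenset({("10.1.1.20", "10.1.2.10")})


def demo():
    return filter_syslog(SAMPLE_LINES, WARNING, KNOWN_PAIRS)


if __name__ == "__main__":
    kept, stats = demo()
    print(stats)
    for l in kept:
        print(l)
```

Setting the firewall's syslog level to warning on the device itself (as the post suggests) is still preferable, since it saves the network and collector the traffic; the collector-side filter is the fallback for devices that cannot be tuned, and the `kept_unparsed` counter makes malformed input visible instead of discarding it.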

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Raimar Melchior
Sent: Thursday, April 03, 2008 6:39 AM
To: security-basics () securityfocus com
Subject: FW/IPS log correlation software

Hello list,

We want a central log station where logs from firewalls, IPS and other security devices are sent to. All of our 
components support the syslog protocol.
The challenge is to filter and correlate this huge amount of logs. We also want to create filtering and reports 
(graphical). The server should have a graphical frontend (GUI).
We tried the Kiwi syslog server but it doesn't meet our requirements. 
Any good enterprise software out there?
Any suggestions would be much appreciated.

Many Thanks,

Security Consultant


Köln branch office
Von-der-Wettern-Str. 25
51149 Köln

office: +492203-69923-16
mobile: +49170-2265680
e-mail: rm () crocodial de

Registered office: Hamburg
Registered: Amtsgericht Hamburg No. HRB 83456
Managing directors: Wolfgang Dierke, Helmut Hansen, Lutz Klöber

CROCODIAL SecurityDays 2008:
  Berlin:      16.04.2008          Hamburg:     22.02.2008
               26.09.2008                       05.09.2008
  Bremen:      04.04.2008          Hannover:    18.04.2008
               12.09.2008                       19.09.2008
  Dortmund:    23.10.2008          Köln:        05.06.2008
  Düsseldorf:  10.04.2008
