Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Log management
From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Thu, 1 Feb 2007 11:15:52 -0600

We're shortly going to run an RFP process, so results from your RFI
could be useful.

We're looking for a state-wide (~50-location ~35 institutuion)
hierarchical multi-managed solution, aka campus devices which can be
useful locally and bubble up extracts to a master console.

Are you on the smaller side?  I don't see Arcsight, LogLogic, and some
of the more scalable players on your list.

    -jml

mclaugkl () UCMAIL UC EDU 2007-01-31 07:34 >>>
Hi Charlie:
If you aren't in a hurry touch back with me in a month or so and I
should have some good data to share with you. We have an RFI for a
solution out now and the following is a list of just a few of the
vendors who have stated they are responding:

IBM/ISS
CISCO
Secure State
Fusion
CA
HP
Cambia
Tripwire
and a handful of local vendors

If anyone else wants a summary of what we find out just let me know and
I'll send it your way.

-Kevin


________________________________

From: Charles L. Bombard [mailto:BombardC () CCV EDU]
Sent: Wed 1/31/2007 8:01 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Log management



Hey everyone,

        What would you all recommend for central log management? We
are
currently looking at GFI eventmanager. The ideal solution will combine
the monitoring of both windows and linux logs, and have the ability to
generate alerts based on our settings.

        Recommendations of things to look at as well as things to
avoid
is appreciated.

-Charlie

==========================================

Charles Bombard, GSEC
LAN/Systems Administrator
Community College of Vermont
119 Pearl Street
Burlington, VT 05401
802.657.4234
bombardc () ccv edu

PRIVACY & CONFIDENTIALITY NOTICE: This message is for the designated
recipient only and may contain privileged, confidential, or otherwise
private information. If you have received it in error, please notify
the
sender immediately and delete the original. Any other use of an email
received in error is prohibited.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault