Re: Network flow log consolidation

["Jenkins, Matthew" <mjenkins7 () FAIRMONTSTATE EDU>]

Speaking of MARS, does anyone know of an open source application for collecting logs off of Cisco IDS modules?  MARS 
wasn't in the budget this year :-)

Matt

Matthew Jenkins
Network/Server Administrator
Fairmont State University
304.367.4955
Visit us online at www.fairmontstate.edu
________________________________________
From: Justin Dover [mailto:Dover () HARPETHHALL ORG] 
Sent: Tuesday, April 25, 2006 4:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Network flow log consolidation

Cisco MARS is VERY nice.  Especially if you have an entire Cisco infrastructure.  I hope to have one someday.  I have 
seen it in action.

Justin Dover
Harpeth Hall School
615-346-0082

The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on Tuesday, April 25, 2006 at 2:43 
PM -0600 wrote:
Commercially, ArcSight and Cisco have decent products... Requirements
for hardware and software are higher... but might be worth checking
out....

Arcsight is a software based solution and Cisco has the CS-MARS
appliance.

Cisco does well in basic log correlation and trends... Arcsight is much
more advanced in correlation and incident analysis (getting down to the
nitty gritty)....

Both deal with Netflow...