[CDBUG-talk] log search and report for multiple devices.

Stephan, Richard RStephan at nyiso.com
Tue Oct 16 22:01:12 EDT 2012


QRadar is a popular aggregator of syslog information. However, I think that it is fairly costly.

From: Jonathan Franks [mailto:jonathan.franks at gmail.com]
Sent: Tuesday, October 16, 2012 05:02 PM
To: CDBUG <cdbug-talk at lists.nycbug.org>
Subject: [CDBUG-talk] log search and report for multiple devices.

Does anyone know of a good package, whether commercial or open source, that allows a sysadmin to pull information from the logs of multiple devices specific to a security event, ie to provide information to law enforcement? What I'm hoping to do is to have said devices (think firewall, wlc, dhcp, web filter, etc. etc.) log to a syslog server somewhere, and be able to easily extract information about a given internal ip at a given time from all of them in a meaningful way without having to parse the files individually any time this type of information is required.

I can envision scripting this, but the folks who'd be utilizing this would be more comfortable with a GUI front end, maybe something web based.

-Jonathan


The information in this email is confidential and may be legally privileged against disclosure other than to the intended recipient. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Please immediately delete this message and inform the sender of this error. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nycbug.org/pipermail/cdbug-talk/attachments/20121016/9b2c102f/attachment.html>


More information about the CDBUG-talk mailing list