From: Jeff Holland (jeffrey_a_hollandraytheon.com)
Date: Mon Dec 03 2001 - 08:20:00 CST

    I agree with Jamie. I have used NSM and found it to be a very robust and
    well engineered product. It tends to support more normalizers for Windows
    than Unix, but the Itactics folks are very eager to work with their
    customers to build custom normalizers. eSecurity is another company that
    makes a log consolidator/analyzer, but it is geared towards large
    enterprises. NSM is more easily adaptable to large or small networks.

    --
    Jeff Holland, GCIA/GCIH/GSEC
    Network Security Engineer
    Raytheon, Dallas, TX
    

    Jamie French wrote:

    > I would recommend checking out Intellitactics NSM at
    > http://www.itactics.com/.
    > I have experience with NetForensics and found it to be a little slow and
    > nowhere nearly as functional as NSM. Have fun on your hunt.
    > Regards,
    > Jamie French
    > www.whitehats.ca
    > *******************************************************
    > I have been researching Tivoli Risk Manager also. Any thoughts on this
    > product would be greatly appreciated.
    >
    > Ryan Benisek
    > Systems Engineer
    > Verizon, Inc.
    >
    > -----Original Message-----
    > From: Yoann Le Corvic [mailto:Yoann.LeCorviclinkvest.com]
    > Sent: Friday, November 30, 2001 1:08 PM
    > To: focus-idssecurityfocus.com%internet
    > Subject: Centralized Logs for IDS
    >
    > Hi All
    > I am studying different ways to centralize logs from different products
    > and platforms, to be able to correlate events to detect intrusions. This
    > is to be used with Solaris, Real Secure, FW-1, NT/2000
    > I have already a list of products I looked into, but not tested:
    > Tivoli Intrusion Manager
    > Netforensics
    > Infovista
    > Netsecurelog
    > Webtrends Firewall Reporting Center
    > Logsurfer
    > Anyone has any good/bad experience with those products ?
    > Any other solutions FREE/COMMERCIAL ?
    >
    > *******************************************
    > Yoann Le Corvic
    > Ingénieur d'Etudes Sécurité et Informatiques