The primary goal of a log management solution is to receive events from multiple sources, to parse them and to make them available for multiple purposes: searching, alerting and reporting. But why not send some interesting events to another log management system or application? Usually, some inputs are added in the
Tag: Log
OSSEC Speaks “ArcSight”
Log management… A hot topic! There are plenty of solutions to manage your logs. As in all IT domains, there are two major categories: free and commercial tools. Both have pros and cons. No big debate here; on the contrary, I’ll show you a good example of a mix of both worlds.
Log Management: Don’t be an Ostrich!
I would like to tell you about the situation I experienced this afternoon. The goal of a log management solution is to collect and store events from several devices and applications in a central and safe place. By using search and reporting tools, useful information can be extracted from those
My OSSEC DashBoard
For a while, I was looking for a good solution to display my OSSEC server status in (near) real time. For most of us, the classic log file monitoring tool still remains based on the “tail | grep | awk | less” commands. If it catches perfectly the events you
Use your Logs to Detect Fraud
I was invited by the ISSA Belgium chapter to talk last night about log management & SIEM (“Security Information and Event Management”). This is a very interesting topic but almost everything has been said (good and bad) on SIEM. I decided to innovate and to use some articles posted in
Send Events Safely to the Loggly Cloud
I received my Loggly beta account (thanks to them!) a few days ago and started to test this cloud service more intensively. I won’t explain again what Loggly is; I already posted an article on this service. For me, services like Loggly are the perfect cloud examples with all the
All Your Logs are Belong to the Cloud…
Ever heard of Loggly? This is a new cloud service which presents itself as “Logs Made Easy”. I won’t come back to the definition of cloud computing, its benefits and issues. If you are looking for interesting information about this topic, I suggest you visit Craig Balding’s blog cloudsecurity.org.
Implementing Active Lists in OSSEC
The second OSSEC week just ended. Here is a reflection about a feature that does not exist (yet?) in OSSEC. The goal of a SIEM (“Security Incidents and Events Management”) is to collect logs from multiple non-heterogeneous sources and process them to add some extra value to the events. To
This Blog is Monitored by OSSEC
As part of the second edition of the OSSEC week, I’d like to give some information about my daily usage of OSSEC. This week is an initiative from Michael Starks of Immutable Security and aims to promote OSSEC to the security community. I’m fully supporting such great initiatives. What about
PaloAlto Firewall Threat Monitoring Using OSSEC
Usually, I don’t speak about or even try to give references to commercial security products on my blog. Why? Simply because my philosophy is the following: “First analyze the problems and then choose the right solution(s)”. The proposed solution could be commercial or free, hardware or software based, who cares? If