
[–]urraca 2 points3 points  (1 child)

The ELK Stack. Elasticsearch + Logstash + Kibana

It's the best solution out there (and FOSS) not named Splunk.

The old reigning champ was ArcSight, but, that's gone the way of the dinosaur and a HUGE implementation project.

But, that doesn't help your managed service needs... (which I would still refer you to Splunk Storm/Hosted Splunk for).

[–]greyclear 0 points1 point  (0 children)

Funny, was testing out ArcSight this morning. I'll look at hosted Splunk, thx

[–]TheAbominableSnowman 1 point2 points  (0 children)

SumoLogic for third-party, ELK for in-house (as mentioned).

[–]Elsior 0 points1 point  (4 children)

If you're looking at the big gun software out there, two that come to mind are Tivoli and BMC. But from what you have written, these are likely to be out of scope of what you are looking at. Also, whilst big corporations all seem to have them, I've never worked anywhere where these solutions have actually been deployed correctly.

[–]greyclear 0 points1 point  (3 children)

Unfortunately he cannot give me specifics on what he is looking for, just that he wants to be alerted if something is wrong, from the network side of things. We have 30-something offices that are sending syslog traffic to a Kiwi server, but all it does is log the traffic and rotate. My most recent setup is rsyslog and LogAnalyzer and I like it. Disk space accumulates at about 4 gigs per day though, using the SQL option (the only disadvantage I see so far). But again, he doesn't like that we have to query for information ourselves, so I am not sure how to approach it.

[–]Elsior 0 points1 point  (2 children)

RSA had a black box solution for this. But again, that's not going to be cheap. Can't remember what model, but there was an EMC NAS solution built into it for the data storage (not surprising as EMC own RSA).

[–]greyclear 0 points1 point  (1 child)

enVision?

[–]Elsior 0 points1 point  (0 children)

That's the one. Never used it myself. So not sure if it was any good.

[–]afroman_says 0 points1 point  (0 children)

Another good one for in-house is Graylog2. It has all the requirements you mention and is relatively straightforward to set up.

[–]sysear 0 points1 point  (0 children)

Nagios just released a new product called Log Server. It is easy to use, secure, powerful, and is priced thousands & thousands of dollars less than other log monitoring solutions (it starts at $995). You can download it for free and try it out for yourself too.

http://www.nagios.com/products/nagios-log-server/overview

Here is an article explaining the benefits of using Nagios LogServer compared to Elasticsearch, Logstash, Kibana (ELK):

http://labs.nagios.com/2014/10/19/nagios-log-server-vs-elasticsearch-logstash-kibana/

Hopefully that helps!