Syslog Management Tools
Hi,
I'm just watching the Security+ security context show, and I wonder if you could advise me on some free (or free for personal use) syslog management tools for educational purposes.
I don't really understand how to easily review the logs from all the different layers of security.
How do you sort the necessary logs from the unnecessary ones coming from firewalls, routers, NIDS, HIDS, applications...? Thanks for your advice.
David
David,
There are several out there, but not all of them will do what you want them to do. For example, I use one called tftpd32 or tftpd64. You can find it at http://tftpd32.jounin.net/tftpd32_download.html. This is a "handy" utility that is functional, and it will log messages and save them for you. It doesn't sort the messages like you've asked, though.
Another free utility you might consider is Kiwi's Syslog Server: http://www.kiwisyslog.com/free-edition.aspx This may provide what you want to do, with some limitations. You can see what those limitations are at the link.
Here's another one you might find even more powerful: a suite of utilities from What'sUpGold. You may get some marketing, but it's not bad for what the offer looks like. http://info.whatsupgold.com/Network-Managers-Free-Toolkit.html?source=free+tool&details=website+inbound&ft=sys-a
Cordially,
Ronnie Wong
Host, ITProTV
Syslog and event management can grow into a large topic and ultimately lead into analytics and SIEM.
The original syslog daemon is syslog on Linux, but most distributions come with rsyslog these days, which is very flexible in sorting and filtering messages. But it is all through the CLI.
If you want a UI to investigate logs, then again there are lots of open source tools. To get started, download Security Onion http://blog.securityonion.net/p/securityonion.html , install it into a VM and have a look at ELSA.
You can also check out LogStash, but it is a more involved install.
Then there are all the commercial offerings that you can look at, and a few offer a freemium model.
Cheers
Dan
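As an added example (not from this thread, and not code from rsyslog, Kiwi, Security Onion or any other tool named above), here is a small Python script that shows the mechanics behind the sorting David asks about and that Dan says rsyslog does with its selectors: every syslog line starts with a PRI field, PRI = facility * 8 + severity, and a "keep this facility at this severity or worse" rule is all that separates the necessary messages from the noise. The log lines are constructed for the example, and the KEEP_AT_LEAST policy is an assumed one you would tune for your own environment.

```python
"""Decode the syslog PRI field and sort lines into keep/drop buckets.

Added example, not part of the original thread. The sample lines below are
constructed; the keep/drop thresholds are an assumed policy, not a standard.
"""
import re
from collections import defaultdict

# Facility and severity names in the order the PRI numbering assigns them
# (RFC 3164 / RFC 5424): facility = PRI // 8, severity = PRI % 8.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Assumed policy: keep a facility's messages at the named severity or worse
# (lower number = more severe). This is the same idea as an rsyslog selector
# line such as "kern.warning /var/log/kern-warnings.log"; facilities not
# listed fall back to DEFAULT_LEVEL. Tune this for your own environment.
KEEP_AT_LEAST = {"auth": "notice", "authpriv": "notice", "local0": "notice"}
DEFAULT_LEVEL = "warning"

# Constructed sample: what a firewall, a router, a HIDS and an application
# host might forward to a central syslog server.
SAMPLE_LOGS = [
    "<4>Oct 11 22:14:15 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22",
    "<187>Oct 11 22:14:16 rtr01 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<191>Oct 11 22:14:17 rtr01 %SYS-7-USERLOG_DEBUG: polling counters",
    "<129>Oct 11 22:14:17 hids01 ossec: Alert level 10: Integrity checksum changed for /etc/passwd",
    "<134>Oct 11 22:14:18 app01 nginx: 192.0.2.50 GET /index.html 200",
    "<30>Oct 11 22:14:19 app01 systemd[1]: Started Daily apt download activities.",
    "<27>Oct 11 22:14:20 app01 myapp[993]: database connection refused",
    "<37>Oct 11 22:14:21 app01 sshd[1012]: Failed password for root from 203.0.113.7 port 40000 ssh2",
    "garbage line without a PRI field",
]

# <PRI>Mmm dd HH:MM:SS host message  (BSD-style header; day may be space padded)
PRI_RE = re.compile(r"^<(\d{1,3})>(\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")


def parse_line(line):
    """Return a dict of decoded fields, or None if the line is not valid syslog."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI value
        return None
    facility, severity = divmod(pri, 8)
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "sev_num": severity,
        "timestamp": m.group(2),
        "host": m.group(3),
        "msg": m.group(4),
    }


def is_necessary(rec):
    """Apply the KEEP_AT_LEAST policy to one parsed record."""
    level = KEEP_AT_LEAST.get(rec["facility"], DEFAULT_LEVEL)
    return rec["sev_num"] <= SEVERITIES.index(level)


def sort_logs(lines):
    """Sort raw lines into per-host 'kept' records, dropped noise and unparsed junk."""
    kept = defaultdict(list)
    dropped, unparsed = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)  # never silently discard: malformed input is itself a signal
        elif is_necessary(rec):
            kept[rec["host"]].append(rec)
        else:
            dropped.append(rec)
    return {"kept": dict(kept), "dropped": dropped, "unparsed": unparsed}


if __name__ == "__main__":
    result = sort_logs(SAMPLE_LOGS)
    for host, recs in sorted(result["kept"].items()):
        print(f"== {host} ==")
        for r in recs:
            print(f"  {r['facility']}.{r['severity']:<7} {r['msg']}")
    print(f"dropped as noise: {len(result['dropped'])}, unparsed: {len(result['unparsed'])}")
```

Run as is, it keeps the firewall drop, the router link-down, the HIDS integrity alert, the application error and the failed root login, grouped by host, and sets aside the access-log, debug and routine service-start lines. The per-facility threshold is the part worth experimenting with: raising auth to "info" would bring successful logins back in, which is often what you want for a forensic timeline even though it is noise day to day.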