[unisog] [Fwd: Re: OSS monitoring recommendations]

Velasquez Venegas Jaime Omar jaime at ulima.edu.pe
Fri Sep 30 01:16:05 GMT 2005


Hi there.

Sorry to reopen this thread, but as we are recently getting done with
moving from Checkpoint to Cisco FWSM, we are missing our old Checkpoint
Log Viewer tool.
FWSM is a module-based firewall designed to work with Catalyst switches.
Syslog and PDM Viewer seemed to be the only choices to do "Real Time
Monitor" in Cisco FWSM, and although we have tried Cisco VMS 2.x, it
certainly doesn't have the facilities that Checkpoint Log Viewer had,
specifically like tracking a connection in real time, filtering real-time
traffic based on protocol, firewall device, etc., and logging storage
scheduling.
I've been doing my research and now I know that I might be needing a SIM
solution, but I really would appreciate your advice on a good and solid
solution that meets these requirements at least.

Thank you so much!

Jaime
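The two capabilities asked for above, following a connection in real time and filtering the live feed by protocol or firewall device, are not hard to reproduce over the FWSM's own syslog output. The script below is an added example written for this thread, not a tool anyone in it mentions. It assumes the PIX/ASA-family message layouts for connection Built/Teardown (302013-302016) and ACL Deny (106023) lines; the sample log lines, hostnames and connection ids are constructed, and the addresses are RFC 5737 documentation ranges. Each Teardown is paired with its Built by (device, connection id), which is what lets the open-connection table be listed at any instant.

```python
import re
import sys
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample lines in the PIX/FWSM syslog style "%FWSM-<severity>-<msgid>: text".
# Hostnames and connection ids are made up; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Sep 30 01:10:01 fwsm-core %FWSM-6-302013: Built outbound TCP connection 41233 for inside:10.10.5.23/51234 (192.0.2.10/51234) to outside:198.51.100.7/443 (198.51.100.7/443)
Sep 30 01:10:02 fwsm-core %FWSM-6-302015: Built outbound UDP connection 41234 for inside:10.10.5.23/53001 (192.0.2.10/53001) to outside:198.51.100.53/53 (198.51.100.53/53)
Sep 30 01:10:02 fwsm-edge %FWSM-4-106023: Deny tcp src outside:203.0.113.9/4412 dst dmz:192.0.2.80/22 by access-group "outside_in"
Sep 30 01:10:03 fwsm-core %FWSM-6-302016: Teardown UDP connection 41234 for inside:10.10.5.23/53001 to outside:198.51.100.53/53 duration 0:00:01 bytes 312
Sep 30 01:10:09 fwsm-core %FWSM-6-302014: Teardown TCP connection 41233 for inside:10.10.5.23/51234 to outside:198.51.100.7/443 duration 0:00:08 bytes 18342 TCP FINs
Sep 30 01:10:10 fwsm-edge %FWSM-6-302013: Built inbound TCP connection 9001 for outside:203.0.113.40/55120 (203.0.113.40/55120) to dmz:192.0.2.80/80 (192.0.2.80/80)
"""

HEADER_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<device>\S+) "
                       r"%FWSM-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<text>.*)$")
# Message-text layouts assumed from the PIX/ASA message family (302013-302016, 106023).
BUILT_RE = re.compile(r"^Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) connection (?P<cid>\d+) "
                      r"for (?P<src>\S+:\S+) \(\S+\) to (?P<dst>\S+:\S+) \(\S+\)")
TEARDOWN_RE = re.compile(r"^Teardown (?P<proto>TCP|UDP) connection (?P<cid>\d+) for (?P<src>\S+:\S+) "
                         r"to (?P<dst>\S+:\S+) duration (?P<dur>\d+:\d{2}:\d{2}) bytes (?P<bytes>\d+)")
DENY_RE = re.compile(r"^Deny (?P<proto>\w+) src (?P<src>\S+:\S+) dst (?P<dst>\S+:\S+) "
                     r"by access-group (?P<acl>\S+)")


@dataclass
class Event:
    ts: str
    device: str
    severity: int
    msgid: str
    kind: str                     # "built", "teardown", "deny" or "other"
    proto: str = ""
    conn_id: str = ""
    src: str = ""
    dst: str = ""
    extra: Dict[str, str] = field(default_factory=dict)   # direction, duration, bytes, acl


def parse_line(line: str) -> Optional[Event]:
    """Split one syslog line into its FWSM header and, where recognised, its connection fields."""
    m = HEADER_RE.match(line.strip())
    if m is None:
        return None               # not an FWSM line; a real feed also carries other syslog
    ev = Event(m["ts"], m["device"], int(m["sev"]), m["msgid"], "other")
    text = m["text"]
    b, t, d = BUILT_RE.match(text), TEARDOWN_RE.match(text), DENY_RE.match(text)
    if b:
        ev.kind, ev.proto, ev.conn_id, ev.src, ev.dst = "built", b["proto"], b["cid"], b["src"], b["dst"]
        ev.extra["direction"] = b["dir"]
    elif t:
        ev.kind, ev.proto, ev.conn_id, ev.src, ev.dst = "teardown", t["proto"], t["cid"], t["src"], t["dst"]
        ev.extra.update(duration=t["dur"], bytes=t["bytes"])
    elif d:
        ev.kind, ev.proto, ev.src, ev.dst = "deny", d["proto"].upper(), d["src"], d["dst"]
        ev.extra["acl"] = d["acl"]
    return ev


class ConnectionTracker:
    """Pairs each Teardown with its Built by (device, connection id), so the
    connections currently open on a firewall can be listed at any moment."""

    def __init__(self) -> None:
        self.open: Dict[Tuple[str, str], Event] = {}
        self.closed: List[Tuple[Event, Event]] = []
        self.denied: List[Event] = []
        self.unmatched: List[Event] = []    # teardowns whose Built predates the start of the feed

    def feed(self, ev: Event) -> None:
        key = (ev.device, ev.conn_id)       # connection ids are per device, not global
        if ev.kind == "built":
            self.open[key] = ev
        elif ev.kind == "teardown":
            start = self.open.pop(key, None)
            if start is None:
                self.unmatched.append(ev)
            else:
                self.closed.append((start, ev))
        elif ev.kind == "deny":
            self.denied.append(ev)


def wanted(ev: Event, proto: Optional[str] = None, device: Optional[str] = None) -> bool:
    """The live filter: restrict the view to one protocol and/or one firewall device."""
    if proto is not None and ev.proto != proto.upper():
        return False
    return device is None or ev.device == device


def monitor(lines: Iterable[str], proto: Optional[str] = None,
            device: Optional[str] = None) -> ConnectionTracker:
    """Run filter and tracker over a line feed (a file, or stdin piped from a syslog tail)."""
    tracker = ConnectionTracker()
    for line in lines:
        ev = parse_line(line)
        if ev is not None and wanted(ev, proto, device):
            tracker.feed(ev)
    return tracker


if __name__ == "__main__":
    # Usage: python fwsm_monitor.py [PROTO]   (reads stdin when piped, else the sample log)
    proto = sys.argv[1] if len(sys.argv) > 1 else None
    result = monitor(SAMPLE_LOG.splitlines() if sys.stdin.isatty() else sys.stdin, proto=proto)
    for (dev, cid), ev in result.open.items():
        print(f"OPEN   {dev} {ev.proto} #{cid} {ev.src} -> {ev.dst} since {ev.ts}")
    for start, end in result.closed:
        print(f"CLOSED {start.device} {start.proto} #{start.conn_id} {start.src} -> {start.dst} "
              f"duration {end.extra['duration']} bytes {end.extra['bytes']}")
    for ev in result.denied:
        print(f"DENY   {ev.device} {ev.proto} {ev.src} -> {ev.dst} acl {ev.extra['acl']}")
```

Against the sample feed this leaves one connection open (the inbound TCP connection on fwsm-edge), two closed with their duration and byte counts, and one ACL deny; `python fwsm_monitor.py udp` narrows the view to the DNS exchange. Keying the open table by device as well as connection id matters once several FWSM modules report to the same collector, since each module numbers its connections independently.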
-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Eric Peters
Sent: Wednesday, October 20, 2004 11:29 AM
To: rsumida at csulb.edu
Cc: unisog at lists.sans.org
Subject: [Fwd: Re: [unisog] OSS monitoring recommendations]


Have you checked out http://www.opensims.org/ ? It does the same as
OSSIM, and OpenSims now supports Nagios for system monitoring. Also, IMHO
OpenSims is a bit easier to install via source.

Cheers,

-- 
---
Eric Peters
System Administrator
Pacific Crest Technology
Office 503.210.0112
Cell    503.975.9957



--------  Message --------
From: Ryan Sumida <rsumida at csulb.edu>
Reply-To: UNIversity Security Operations Group <unisog at lists.sans.org>
To: UNIversity Security Operations Group <unisog at lists.sans.org>
Subject: Re: [unisog] OSS monitoring recommendations
Date: Tue, 19 Oct 2004 14:06:13 -0700

Our campus is in need of a good SIM and OSSIM looks like it might fill
our needs.  Do you know where I can find a list of supported devices
that it can connect to?  I tried searching through the site but didn't
have any luck.  I found a reference to the "Road Map" but couldn't find
that either.   

Netforensics is going to demo their product to us this week.  Any
thoughts about their SIM solution?  Their product is not that cheap,
$60K for a license to connect to 30 devices.  Although Netforensics may
be more robust, OpenSource software is starting to look a little more
feasible. 

Regards, 
________________________________________
Ryan Sumida
Network Analyst, Network Services
Information Technology Services
California State University, Long Beach
1250 Bellflower Blvd, Long Beach, CA 90840-0101
(562) 985-8411
_________________________________________ 


From: Mike.Radomski at itec.mail.suny.edu
Sent by: unisog-bounces at lists.sans.org
Date: 10/15/2004 06:03 PM
Please respond to: UNIversity Security Operations Group <unisog at lists.sans.org>
To: Eric Peters <epeters at pcthome.com>, UNIversity Security Operations Group <unisog at lists.sans.org>
Subject: Re: [unisog] OSS monitoring recommendations


I have been setting up Open Source Security Information Manager
(http://www.ossim.net).  It combines a bunch of tools like ntop, snort,
ACID, nessus etc into one interface with a correlation engine.  It looks
promising at this point, but I have not used it extensively yet.  I am
having a problem with ntop crashing, anyone else have problems with ntop
on Fedora?

Cheers! 
-- 
Mike Radomski 

SUNY - ITEC 
Information Technology Exchange Center 
Systems Programmer/Analyst 
E-mail: Mike.Radomski at itec.mail.suny.edu 
Systems E-Mail: scsys at itec.mail.suny.edu 
Phone: (716)878-4832 
Cellular: (716)807-4040 
Fax: (716)878-3485 

There are only 10 types of people... 
Those who understand binary and those who don't. 

From: Eric Peters <epeters at pcthome.com>
Sent by: unisog-bounces at lists.sans.org
Date: 10/12/04 03:28 PM
Please respond to: Eric Peters <epeters at pcthome.com>; UNIversity Security Operations Group <unisog at lists.sans.org>
To: UNIversity Security Operations Group <unisog at lists.sans.org>
Subject: Re: [unisog] OSS monitoring recommendations

What I use

Snort (Bleeding Edge Rules)+ Acid +ntop + tcpdump + prelude + Opensims +
honeyd + Nagios + READING SANS DAILY ;)

Not much you can't see with those tools in place and working.


Cheers,
Eric





On Tue, 2004-10-12 at 13:42 -0500, Ben Beuchler wrote:
> I recently acquired the network admin / network security position at a
> small art school in Minneapolis and, while I've been a sysadmin and
> network admin for a few years, I'm new to the security monitoring aspects
> of my job.  I'm looking for suggestions for monitoring traffic at our
> border.   Snort, ntop, ngrep all seem pretty obvious.   What other tools
> do you find useful?  Any OSS equivalent to the Packeteer?
> 
> Thanks!
> 
> -Ben
> 
_______________________________________________
unisog mailing list
unisog at lists.sans.org http://www.dshield.org/mailman/listinfo/unisog