#1
Hi to all
I'm looking for an I.D.S. or a configurable log analyzer that can acquire syslog from a firewall (actually I'm using a Netgear FR114P). I've tried with Kiwi Syslog analyzer, but my goal is not only to collect logs, but possibly to signal when a strange activity is reported (a ping, a simple, isolated portscan or an attempt to establish a connection can be considered "normal" noise on the internet; 10 portscans or something else repetitive can be considered a "real" attack).

Now with Kiwi Syslog a complete portscan realizes 65000 logs... really not friendly. The optimum would be a pop-up that tells me there is an attack from an IP, or something similar.

Can you help me?
Thank you very much
Michele

ACM
#2
On Fri, 14 May 2004 19:12:21 +0200, ACM <michele-no-spam-@acmsolution.com> wrote:
>Hi to all
>I'm looking for a I.D.S. or a configurable log analyzer who can acquire
>syslog from a firewall (actually I'm using a netgear's FR114P).
>I've tried with kiwi syslog analyzer, but my goal is not only to collect
>log, but possibly to signal when a strange activity is reported (a ping, a
>simple, isolated portscan or an attempt to establish a connection can be
>considered a "normal" noise in internet, 10 portscan or something other
>repetitive can be considered a "real" attack).
>
>Now with kiwi syslog a complete portscan realize 65000 logs... really not
>friendly. The optimum can be a pop-up who tells me there is an attack from
>an IP, or something similar.
>
>Can you help me?
>Thank you very Much
> Michele

Michele,

Give Link Logger a try. It comes with a 14 day trial period.
http://www.linklogger.com/

Cheers,

Chuck
I hate spam - Please get rid of the spam if you want to email me!!
Trusted Computing? Right! http://www.againsttcpa.com/

Chuck
#3
On Sat, 15 May 2004 18:57:16 GMT, Chuck wrote:
> On Fri, 14 May 2004 19:12:21 +0200, ACM <michele-no-spam-@acmsolution.com> wrote:
>
>>Hi to all
>>I'm looking for a I.D.S. or a configurable log analyzer who can acquire
>>syslog from a firewall (actually I'm using a netgear's FR114P).
>>I've tried with kiwi syslog analyzer, but my goal is not only to collect
>>log, but possibly to signal when a strange activity is reported (a ping, a
>>simple, isolated portscan or an attempt to establish a connection can be
>>considered a "normal" noise in internet, 10 portscan or something other
>>repetitive can be considered a "real" attack).
>>
>>Now with kiwi syslog a complete portscan realize 65000 logs... really not
>>friendly. The optimum can be a pop-up who tells me there is an attack from
>>an IP, or something similar.
>>
>>Can you help me?
>>Thank you very Much
>> Michele
>
> Michele,
>
> Give Link Logger a try. It comes with a 14 day trial period.
> http://www.linklogger.com/
>
> Cheers,
>
> Chuck
> I hate spam - Please get rid of the spam if you want to email me!!
> Trusted Computing? Right! http://www.againsttcpa.com/

Thank you, but I'm already using Link Logger. It's a good program but it has some limitations: first, I can't set up remote control of the log (I can only send e-mail notifications). I'm looking for a configurable program which can receive syslog strings and analyze them from a remote site, so Link Logger isn't the right solution.

Thank you
Michele

ACM
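
The alerting behaviour asked for in this thread (ignore isolated probes, raise a single alert per source once the activity becomes repetitive), as an added example that is not part of any post and is not code from Kiwi Syslog or Link Logger. The log line format, the threshold of 10 drops within 60 seconds and the 10-minute cooldown are assumptions; the FR114P's real syslog format would need its own regular expression.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed line format (an assumption, not the FR114P's real syslog output):
#   2004-05-14T19:00:01 fw DROP proto=TCP src=203.0.113.7 dst=192.0.2.10 dport=22
LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ DROP proto=(?P<proto>\w+) "
                     r"src=(?P<src>[\d.]+) dst=[\d.]+(?: dport=(?P<dport>\d+))?$")

class ScanDetector:
    """Collapse per-packet firewall log lines into one alert per noisy source."""

    def __init__(self, threshold=10, window=timedelta(seconds=60),
                 cooldown=timedelta(minutes=10)):
        self.threshold, self.window, self.cooldown = threshold, window, cooldown
        self.events = defaultdict(deque)  # src -> (timestamp, dport) in the window
        self.last_alert = {}              # src -> timestamp of the last alert

    def feed(self, line):
        """Return an alert string, or None while the source is still just noise."""
        m = LINE_RE.match(line.strip())
        if not m:
            return None                   # unparsable lines are skipped
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        q = self.events[src]
        q.append((ts, m["dport"]))
        while ts - q[0][0] > self.window:
            q.popleft()                   # expire events older than the window
        if len(q) < self.threshold:
            return None                   # isolated ping or connection attempt
        last = self.last_alert.get(src)
        if last is not None and ts - last < self.cooldown:
            return None                   # already reported: suppress the flood
        self.last_alert[src] = ts
        ports = {p for _, p in q if p is not None}
        return f"ALERT {src}: {len(q)} drops, {len(ports)} ports in {self.window}"

def analyze(lines, **kwargs):
    """Run a fresh detector over an iterable of lines and collect the alerts."""
    det = ScanDetector(**kwargs)
    return [alert for alert in map(det.feed, lines) if alert]

def sample_log():
    """Constructed input: one ping, one connection attempt, a 200-port sweep."""
    lines = ["2004-05-14T18:59:00 fw DROP proto=ICMP src=198.51.100.5 dst=192.0.2.10",
             "2004-05-14T18:59:30 fw DROP proto=TCP src=198.51.100.9 dst=192.0.2.10 dport=445"]
    start = datetime(2004, 5, 14, 19, 0, 0)
    for port in range(1, 201):
        ts = (start + timedelta(seconds=port // 10)).isoformat()
        lines.append(f"{ts} fw DROP proto=TCP src=203.0.113.7 dst=192.0.2.10 dport={port}")
    return lines
```

`feed()` takes one line at a time, so the same detector can sit behind a remote syslog receiver as well as a saved log file.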