[sdw2003] Log Monitoring and Intrusion Detection
John Oliver
joliver at john-oliver.net
Thu Jan 28 09:27:15 PST 2010
On Wed, Jan 27, 2010 at 11:31:13AM -0800, Paul Wochnick wrote:
> Wanted to check with this group to see if people are using log
> monitoring solutions. Currently I am using SCOM 2007 for health
> monitoring but need something to create alerts for intrusion detection.
> Any suggestions?
For intrusion detection, you really should have a dedicated IDS like
snort.
For monitoring logs... setting up a loghost is a good idea. In the
Linux world there is logcheck / logwatch. For Windows, I remember
http://www.windowsecurity.com/software/Event-Log-Monitoring/
--
***********************************************************************
* John Oliver http://www.john-oliver.net/ *
* *
***********************************************************************