LoGS 0.0.1 release announcement
LoGS is a rule-based log analysis engine which attempts to address some of the shortcomings of other freely available tools. LoGS can be obtained at: http://www.hpc.unm.edu/~download/LoGS/
Ten questions about Sarbanes-Oxley compliance
Can you or your CEO answer these questions on the Sarbanes-Oxley Act? Knowing the answers and following through could keep your company on solid ground and your CEO on the job.
A very interesting article on Windows Logon Type codes. It is extremely useful when you need to analyze your Windows logon logs to find out what’s happening. Logon type codes revealed The logon/logoff category of the Windows security log gives you the ability to monitor all attempts to access the local computer. This article examines [...]
Worldwide e-security spending up 30pc
The global security software and appliance market grew by 30 percent during 2004, with revenues topping USD3.7 billion. That’s according to market research and consulting firm Infonetics Research which also predicts that the security market will continue to grow strongly and will be worth USD5.5 billion by 2008. On a [...]
Oak seems like an interesting syslog monitoring tool. But swatch still seems to be more advanced. Oak is a program that can be used to monitor syslogs from a collection of servers and notify operators when problem conditions arise. In addition to providing immediate notification of critical problems oak will also batch less critical problems [...]
Testing Network-based Intrusion Detection Signatures using Mutant Exploits
Applying Term Weight Techniques to Event Log Analysis for Intrusion Detection
On the Nature of Syslog Data
Bayesian Event Classification for Intrusion Detection
OsAudit version 0.1 is available for download. OsAudit is a complete system for log gathering, monitoring and analysis. It has two different running modes: server and client. For more information, go to: http://www.ossec.net/osaudit/ http://osaudit.sourceforge.net http://sourceforge.net/projects/osaudit/ For comments, suggestions or questions: daniel.cid @ (at) gmail.com
Met some really kewl ppl at the RSA show the last couple of days. Saw many of my old colleagues from Addamark, Cable & Wireless, and Exodus. Everyone’s walking the floor and chatting away. Met Raffy Marty from ArcSight. He’s an SE over there. Seems like a really kewl guy. He’s started a mailing list [...]
I manned the LogLogic booth for two days and I must have had a dozen people come by to try to sell us stuff or partner w/ us. Dell, Precise Terms, EventGnosis, etc etc etc. A long list of them. Just thought it was interesting.
So I was at RSA today talking to the various SEM/SIM vendors. I talked to one of the ladies at the ArcSight booth and I asked her whether ArcSight is a good solution for a company that’s got a bunch of Windows and UNIX servers and getting about 500 messages per second. The lady said [...]