Finding a Needle in a Haystack

I am going to go out on a limb and assert that over 80% of IT shops do not take security seriously and even those who do are not proactive about it.

Whenever an anomaly hits the network, system admins and network engineers hit the logs in an attempt to figure what is going on.

Ideally you will have a centralized server running “syslog” gathering logs from all devices on the network that can put out logs.

Unfortunately, unless you’re “Neo” from the movie “Matrix” it will almost impossible to make sense, interpret or pick up patterns from the vast amount of data in these logs.

This is were a good Log Analyzer comes in. There are well known log analyzers out there for web traffic, including AWStats, Analog, WebLogExpert, Webalizer and WebTrends but something more comprehensive is needed when it comes to security.

Unmatched as a security log analysis tool, “Splunk” gathers data from traps, alerts, syslog and snmp as well as imported logs  and lets you graph and search it via a simple web interface. In addition to helping find threats and dangerous trends, it can generate nice reports of your findings.

On the commercial front Sawmill looks like a good product, but I will need to demo and review it.


Reblog this post [with Zemanta]