IPSec? To be honest, I've never seen a requirement for encryption of Syslog traffic - I think most people accept that it's an inherently unreliable, unencrypted protocol. Instead, set up multiple Syslog servers.

SIEM is more than just a Syslog store - it's a tool that will look across logs from multiple event sources and alert you when there's a problem (e.g. by correlating events from multiple places). Of course, doing this effectively means writing good rules (or having a decent set out-of-the-box). ArcSight is one of the better products in this area. SCOM isn't really a SIEM - it's a monitoring tool. But I don't think it has any certification at all, and you'd be writing your own correlation rules from scratch. It's also very Windows focused.

Cheers
Ken

From: [email protected]
Sent: Thursday, 26 January 2012 11:37 PM
To: NT System Admin Issues
Subject: RE: FW: SIEM

I am not sure either, since syslog messaging is on UDP port 514 and is clear text in transit??? Hmmmm, curiouser and curiouser.

From: Michael B. Smith [mailto:[email protected]]
Posted At: Thursday, January 26, 2012 9:43 AM
Posted To: [email protected]
Conversation: FW: SIEM
Subject: RE: FW: SIEM

I would be remiss not to point out System Center Operations Manager. And yes, it has the capability of encrypting data in transit and at rest for Windows clients/servers and for various Linux/UNIX distributions. No clue how you would do that with routers/switches/etc.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: [email protected]
Sent: Thursday, January 26, 2012 9:13 AM
To: NT System Admin Issues
Subject: RE: FW: SIEM

I do that with my Kiwi Syslog software: routers, switches, firewalls, Windows NT events, printer events, and IP camera logs. But that wasn't good enough, because it doesn't encrypt the logs as well.

#1 I hadn't heard that term before. I called it log monitoring and management.
#2 They are keying off the RSA log hacking to enforce the encryption of the logs while in transit and at rest. Blah blah blah.

Thanks. Anyone have a good SIEM product or appliance they use? I am looking at LogRhythm or SPLUNK???

From: Erik Goldoff [mailto:[email protected]]
Posted At: Wednesday, January 25, 2012 3:42 PM
Posted To: [email protected]
Conversation: FW: SIEM
Subject: Re: FW: SIEM

Security Event Information Management ... security event log/alerting?

On Wed, Jan 25, 2012 at 2:14 PM, [email protected] <[email protected]> wrote:

This is new to me. What is SIEM and what do I do with it?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected] with the body: unsubscribe ntsysadmin
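Ken's message at the top of the thread describes what a SIEM adds over a plain Syslog store: a rule that looks across several event sources and alerts on the combination. As an added example (not written by any poster in this thread), here is a minimal such rule in Python over BSD-style (RFC 3164) syslog lines of the kind a UDP/514 collector receives; every hostname, address and log line is constructed, and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in RFC 3164 shape, as a UDP/514 collector would
# receive them from several different devices (firewall, switch, web host).
SAMPLE_LINES = [
    "<38>Jan 26 09:01:10 fw01 sshd[412]: Failed password for admin from 203.0.113.9 port 5100",
    "<38>Jan 26 09:01:40 sw02 login: Failed password for admin from 203.0.113.9 port 5102",
    "<38>Jan 26 09:02:05 web01 sshd[777]: Failed password for root from 203.0.113.9 port 5104",
    "<38>Jan 26 09:02:30 web01 sshd[778]: Failed password for root from 198.51.100.4 port 6000",
    "<38>Jan 26 09:30:00 fw01 sshd[413]: Failed password for admin from 203.0.113.9 port 5200",
]

LINE_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$"
)
FAIL_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>[\d.]+)")

def parse(line, year=2012):
    """Split a syslog line into (timestamp, host, message); None if malformed.
    RFC 3164 timestamps carry no year, so one is assumed (constructed data)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["host"], m["msg"]

def correlate(lines, min_hosts=3, window_s=300):
    """Alert when one source address fails authentication on at least
    min_hosts distinct hosts within window_s seconds. Each device's own log
    shows only a couple of failures; the cross-source view is the SIEM part."""
    events = defaultdict(list)  # src address -> [(timestamp, host)]
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue  # unparseable line: skip, do not crash the collector
        ts, host, msg = parsed
        f = FAIL_RE.search(msg)
        if f:
            events[f["src"]].append((ts, host))
    alerts = []
    for src, hits in events.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            hosts = {h for t, h in hits[i:] if (t - t0).total_seconds() <= window_s}
            if len(hosts) >= min_hosts:
                alerts.append((src, sorted(hosts)))
                break  # one alert per source address is enough
    return alerts
```

Calling `correlate(SAMPLE_LINES)` reports 203.0.113.9 against fw01, sw02 and web01, while 198.51.100.4 (a single host) and the later isolated failure stay below the threshold.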
