How much money do you have to spend? How many servers? Are you looking to collect logs from workstations as well? If so, how many? Do you want router, firewall, web (IIS, Apache, etc.), plus other kinds of logs, or are there specific logs you are looking at? Answering these questions may very well determine what kind of log management system you get. We have an appliance-based system (RSA envision) right now which we are hoping to upgrade, but we are looking at spending nearly 500K. Then again, it does all kinds of stuff. Depending on what you need, they have different flavors that are less expensive. Some options I know of:

- Kiwi Syslog (free)
- Splunk (not too expensive for the enterprise version, but a beast to configure from my experience, plus buggy with the wmi plugin)
- GFI LanGuard
- EventLog Analyzer
- LogLogic
- RSA envision (what we use right now)

I am sure there are plenty of others out there - just depends on what you need it to do and how much you are willing to pay. This is one area where, IMHO, you truly get what you pay for. Here's a link to an article that may provide some information (although they don't include envision):

http://windowsitpro.com/Files/40712/40712.pdf

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services

-----Original Message-----
From: James Edwards [mailto:[EMAIL PROTECTED]
Sent: Friday, October 24, 2008 3:36 PM
To: NT System Admin Issues
Subject: Log Management Suggestions?

I'm on a committee looking into log management systems, and looking for any suggestions from those using one now. Ideally it should be xplatform (Win, OSX, Linux, Solaris). Able to notify Admins via e-mail, text message, pager or console, and have customizable filters.

Time to go home for the weekend, but, early Monday...

Thanks guys!!

Jim
