Thanks for the info on OSSIM. I'm actually aiming for something that senior management would look at (I left that little detail out), so OSSIM is way too much info for them. However, it looks quite interesting to **me**, so I'll be playing with it shortly.
Jason On Tue, Oct 6, 2009 at 4:42 PM, Robert Miller <[email protected]> wrote: > I have used OSSIM and I liked it for the most part. I did find that > with the traffic we passed it became overwhelmed and the hard drives > filed up in under a day (140GB) making it completely unresponsive. > > You may want to make sure to partition off things such as your logs so > if you fill up the partition you can still access and operate the server. > > Let me know how it works out for you, I was pulled off the project for > another of higher priority but should be back on it in a month or so. > > *** Personal Note - All answers to this are great as I know many have > thought this same thing and it is asked often *** > > - Robert > > Andrew Ellis wrote: > > You might look into using OSSIM. It's great for aggregating events and > > viewing them. It's pretty modular so odds are good you'll be able to > > get what you're looking at plugged into it. It also has jasperserver > > running within it, which let's you write reports pretty easily from > > the data you've already got. > > > > https://www.alienvault.com/products.php?section=OpenSourceSIM > > > > On Tue, Oct 6, 2009 at 2:58 PM, Jason Wood <[email protected]> wrote: > > > >> Hey all, > >> I've been asked to try to put together reporting for security related > issues > >> and items. I've created a starting place for what I would like to > report > >> on. I REALLY don't want to put all this into a spreadsheet and try to > >> maintain that. I'd prefer some kind of dashboard which could pull > >> information from ticketing systems, scripts, etc to make at least some > of > >> the updates. > >> > >> Does anyone know of an open source app like this or could be a decent > base > >> to start with? And, rather than set this idea in stone, I'm open to > >> different ideas if someone has an alternative that they are using. > >> > >> Thanks, > >> Jason > >> > >> -- > >> > >> irc: Tadaka > >> Twitter: Jason_Wood > >> jwnetworkconsulting.com > >> > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > >> > >> > > > > > > > > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- irc: Tadaka Twitter: Jason_Wood jwnetworkconsulting.com
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
