[32115] in resnet
Re: SIEM / Log monitoring options
daemon@ATHENA.MIT.EDU (Osborne, Bruce W (Network Operatio)
Fri May 26 07:43:07 2017
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_DM5PR05MB2860F07FCA0D6871B2F4ABF0D7FC0DM5PR05MB2860namp_"
MIME-Version: 1.0
Message-ID: <DM5PR05MB2860F07FCA0D6871B2F4ABF0D7FC0@DM5PR05MB2860.namprd05.prod.outlook.com>
Date: Fri, 26 May 2017 11:41:36 +0000
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: "Osborne, Bruce W (Network Operations)" <bosborne@LIBERTY.EDU>
To: RESNET-L@listserv.nd.edu
--_000_DM5PR05MB2860F07FCA0D6871B2F4ABF0D7FC0DM5PR05MB2860namp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Our Network Operations group here has started using the free Graylog server=
.
Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971
From: MATT KARSCHNER [mailto:karschner@LYCOMING.EDU]
Sent: Thursday, May 25, 2017 11:20 AM
Subject: SIEM / Log monitoring options
Hi everyone,
I'm curious what you all are using, if anything, for log monitoring / SIEM =
products or services. We are looking into these at the moment:
AlienVault
Catchpoint
EventTracker
FortiSIEM
LogRhythm
Logic Monitor
NetWatcher
Thank you for any information.
--
Matt Karschner
Network Specialist
Lycoming College
700 College Place Box 142
Williamsport, PA 17701
570.321.4397<tel:570.321.4397>
karschner@lycoming.edu<mailto:franquet@lycoming.edu>
___________________________________________________ You are subscribed to t=
he ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.=
EDU/archives/resnet-l.html ________________________________________________=
___
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--_000_DM5PR05MB2860F07FCA0D6871B2F4ABF0D7FC0DM5PR05MB2860namp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">Our Network Operations group here has started using =
the free Graylog server.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<div>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto;background:white">
<b><span style=3D"font-size:8.5pt;font-family:"Verdana",sans-seri=
f;color:black"> </span></b><b><span style=3D"font-size:10.0pt;font-fam=
ily:"Tahoma",sans-serif;color:black"><o:p></o:p></span></b></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;margin-right:.5in;m=
so-margin-bottom-alt:auto;background:white;text-autospace:none">
<b><span style=3D"font-size:8.5pt;font-family:"Verdana",sans-seri=
f;color:#001B3E">Bruce Osborne</span></b><b><span style=3D"font-size:10.0pt=
;font-family:"Tahoma",sans-serif;color:black"><o:p></o:p></span><=
/b></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;margin-right:.5in;m=
so-margin-bottom-alt:auto;background:white;text-autospace:none">
<b><i><span style=3D"font-size:8.5pt;font-family:"Verdana",sans-s=
erif;color:#001B3E">Senior Network Engineer</span></i></b><b><span style=3D=
"font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"><o=
:p></o:p></span></b></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;margin-right:.5in;m=
so-margin-bottom-alt:auto;background:white;text-autospace:none">
<b><span style=3D"font-size:8.5pt;font-family:"Verdana",sans-seri=
f;color:#001B3E">Network Operations - Wireless</span></b><b><span style=3D"=
font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"><o:=
p></o:p></span></b></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto;background:white">
<b><span style=3D"font-size:8.5pt;font-family:"Tahoma",sans-serif=
;color:black"> </span></b><b><span style=3D"font-size:8.5pt;font-famil=
y:"Verdana",sans-serif;color:black">(434) 592-4229</span></b><b><=
span style=3D"font-size:10.0pt;font-family:"Tahoma",sans-serif;co=
lor:black"><o:p></o:p></span></b></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto;background:white">
<b><span style=3D"font-size:8.5pt;font-family:"Georgia",serif;col=
or:#AA0000">LIBERTY UNIVERSITY</span></b><b><span style=3D"font-size:10.0pt=
;font-family:"Tahoma",sans-serif;color:black"><o:p></o:p></span><=
/b></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto;background:white">
<b><i><span style=3D"font-size:8.5pt;font-family:"Georgia",serif;=
color:#AA0000">Training Champions for Christ since 1971</span></i></b><b><s=
pan style=3D"font-size:10.0pt;font-family:"Tahoma",sans-serif;col=
or:black"><o:p></o:p></span></b></p>
</div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<div>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b>From:</b> MATT KARSCHNER [mailto:karschner@LYCOMI=
NG.EDU] <br>
<b>Sent:</b> Thursday, May 25, 2017 11:20 AM<br>
<b>Subject:</b> SIEM / Log monitoring options<o:p></o:p></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<div id=3D"divtagdefaultwrapper">
<p><span style=3D"font-size:12.0pt;color:black">Hi everyone, <o:p></o=
:p></span></p>
<p><span style=3D"font-size:12.0pt;color:black"><o:p> </o:p></span></p=
>
<p><span style=3D"font-size:12.0pt;color:black">I'm curious what you all ar=
e using, if anything, for log monitoring / SIEM products or services.  =
;We are looking into these at the moment:<o:p></o:p></span></p>
<p><span style=3D"font-size:12.0pt;color:black"><o:p> </o:p></span></p=
>
<p><span style=3D"font-size:12.0pt;color:black">AlienVault<o:p></o:p></span=
></p>
<p><span style=3D"font-size:12.0pt;color:black">Catchpoint<o:p></o:p></span=
></p>
<p><span style=3D"font-size:12.0pt;color:black">EventTracker<o:p></o:p></sp=
an></p>
<p><span style=3D"font-size:12.0pt;color:black">FortiSIEM<o:p></o:p></span>=
</p>
<p><span style=3D"font-size:12.0pt;color:black">LogRhythm<o:p></o:p></span>=
</p>
<p><span style=3D"font-size:12.0pt;color:black">Logic Monitor<o:p></o:p></s=
pan></p>
<p><span style=3D"font-size:12.0pt;color:black">NetWatcher<o:p></o:p></span=
></p>
<p><span style=3D"font-size:12.0pt;color:black"><o:p> </o:p></span></p=
>
<p><span style=3D"font-size:12.0pt;color:black">Thank you for any informati=
on.<o:p></o:p></span></p>
<p><span style=3D"font-size:12.0pt;color:black"><o:p> </o:p></span></p=
>
<div id=3D"Signature">
<div id=3D"divtagdefaultwrapper">
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto"><span style=3D"font-size:12.0pt;color:black">-- <o:p></o:p></=
span></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto;text-autospace:none">
<span style=3D"color:#18376A">Matt Karschner</span><span style=3D"font-size=
:12.0pt;color:black"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto;text-autospace:none">
<span style=3D"color:#18376A">Network Specialist</span><span style=3D"font-=
size:12.0pt;color:black"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto;text-autospace:none">
<span style=3D"color:#18376A">Lycoming College</span><span style=3D"font-si=
ze:12.0pt;color:black"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto;text-autospace:none">
<span style=3D"color:#18376A">700 College Place Box 142</span><span style=
=3D"font-size:12.0pt;color:black"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto;text-autospace:none">
<span style=3D"color:#18376A">Williamsport, PA 17701</span><span style=3D"f=
ont-size:12.0pt;color:black"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto;text-autospace:none">
<span style=3D"color:black"><a href=3D"tel:570.321.4397"><span style=3D"col=
or:#0000E9">570.321.4397</span></a></span><span style=3D"font-size:12.0pt;c=
olor:black"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto;text-autospace:none">
<span style=3D"color:black"><a href=3D"mailto:franquet@lycoming.edu"><span =
style=3D"color:#0000E9">karschner@lycoming.edu</span></a></span><span style=
=3D"font-size:12.0pt;color:black"><o:p></o:p></span></p>
</div>
</div>
</div>
<p class=3D"MsoNormal">___________________________________________________ =
You are subscribed to the ResNet-L mailing list.
<o:p></o:p></p>
<p>To subscribe, unsubscribe or search the archives, go to <a href=3D"http:=
//LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">
http://LISTSERV.ND.EDU/archives/resnet-l.html</a> _________________________=
__________________________
<o:p></o:p></p>
</div>
</body>
</html>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
--_000_DM5PR05MB2860F07FCA0D6871B2F4ABF0D7FC0DM5PR05MB2860namp_--
