Solved

Real-Time Monitoring Tools

Posted on 2014-02-18
12
623 Views
Last Modified: 2014-03-11
i have to evaluate such a tool and im stuck between various products: Splunk,Nagios and Groundwork. We need a Tool that collects logs,warnings,alerts,etc. from our firewalls,IDS, proxies,stc. and displays them clearly arranged in a GUI,divided in chapters. from there,it should be also possible to easily extract that info into a *.xls file, to show that to our management.
0
Comment
Question by:DukewillNukem
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 18

Assisted Solution

by:Sanga Collins
Sanga Collins earned 250 total points
ID: 39867528
Nagios in my opinion is the more powerful tool. It can cover all your monitoring needs. Splunk collects logs and displays them in a nice readable format but thats about it. Lastly Cacti is also very good. Especially for reporting. I use cacti in combination with nagios to cover all my monitoring and reporting needs.
0
 

Author Comment

by:DukewillNukem
ID: 39867555
thx for the reply. how about alerts and warnings? i also need something that can display me statistics,say for the last 6 months how many threats we had,etc.
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 39867624
Nagios for sure. It can send email alerts and warning and can even be configured to send SMS if you have the sms text message gateway setup. It store statistics until your hard drive gets full. My nagios on a 40GB data drive had 3 years worth of logs before I have to clear space. I monitor about 40 locations and 2 data centers so its probably 250 to 300 unique hosts that I monitor
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39868874
Nagios is not a SIIEM, while it can be configured to alert on so many things, log input is one of those things but that doesn't make it a correlation engine like other SIEM products.

Nagios sounds more like what you want, and it costs sooo much less than anything else.
-rich
0
 

Author Comment

by:DukewillNukem
ID: 39869664
thx for the tip. however,we need a tool with SIEM capabilities. does nagios fulfill that?
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39870077
It does not. Splunk, LogRythm or AlienVault would be SIEM. AlienVault is closest to Nagios with it's roots in Opensource. SIEM's aren't all that great in themselves, most end up only being used as log search engines, being more retroactive than proactive. If you get one make sure you use it proactively. I have 12 clients that don't and they spend too much money to just have a log aggregation+search. They are all capable of much much more, and you are going to pay for it, so use it as best you can!
-rich
0
 

Author Comment

by:DukewillNukem
ID: 39870579
so,is Splunk then SIEM or not? if yes,where is this proved? i need 100% sure proof,otherwise we will not be using it
0
 
LVL 35

Accepted Solution

by:
Dan Craciun earned 250 total points
ID: 39870588
You can read what the Splunk people say about it: https://www.splunk.com/web_assets/pdfs/secure/Splunk_as_a_SIEM_Tech_Brief.pdf

HTH,
Dan
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39870632
It is a SIEM, but you should never use anything until you get a Proof of Concept going. The Vendors will give you a license for free to use the product for a few days, weeks or months, you have to contact their sales staff to get the details. Also note you need to know your logs before you go with a vendor or SIEM. Splunk hates binary logs, so you could have trouble using them against SQL-Trace logs for example. There aren't that many binary logs out there, but you need to make sure the product can digest them if you have them.

As for the Dashboard or setup of the GUI, you have to customize most yourself, either by making saved quries or by editing a few items of html. Customization tends to be extra when dealing with most monitoring products, get the details of that up front.
-rich
0
 

Author Comment

by:DukewillNukem
ID: 39870778
we would use it for security alerts and warnings our network-devices (cisco,sourcefire,ISA,etc.) do produce.
instead of having just a mail which will be rarely not readen at all, i want to have alerts nicely displayed in a GUI
0
 

Author Comment

by:DukewillNukem
ID: 39884992
so,bettween all those tools, Splunk would fulfill all our needs,incl. SIEM capabilities?
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39885449
Kinda... make sure you get a PoC for anything you want to try, you will be choosing between the lesser of the evils here. Not one tool here does everything you are asking for out of the box, they will all need to be customized.
Also note that if you are using Snort or Suricata for your IDS, and the logs contain hex encodings, Splunk will be useless at displaying packet payloads. You need to have Barnyard2 export the logs to ASCII only, and then splunk can digest and display the alerts, but the payload will be missing.
You won't spot that until you Demo or PoC these tools. While Nagios can search logs just fine, that isn't the only thing a SIEM does. Also SIEM's often don't come with alert's pre-made, you have to make them or pay for them. Bottom line is to get each product tested and see what fits best for you needs, you may need more than one, most of us do.
-rich
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
User Account Question 6 50
sample of wannacry 3 291
Having private conversations... 3 29
Linksys EA8500 3 21
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question