Solved

Real-Time Monitoring Tools

Posted on 2014-02-18
12
603 Views
Last Modified: 2014-03-11
i have to evaluate such a tool and im stuck between various products: Splunk,Nagios and Groundwork. We need a Tool that collects logs,warnings,alerts,etc. from our firewalls,IDS, proxies,stc. and displays them clearly arranged in a GUI,divided in chapters. from there,it should be also possible to easily extract that info into a *.xls file, to show that to our management.
0
Comment
Question by:DukewillNukem
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 18

Assisted Solution

by:Sanga Collins
Sanga Collins earned 250 total points
ID: 39867528
Nagios in my opinion is the more powerful tool. It can cover all your monitoring needs. Splunk collects logs and displays them in a nice readable format but thats about it. Lastly Cacti is also very good. Especially for reporting. I use cacti in combination with nagios to cover all my monitoring and reporting needs.
0
 

Author Comment

by:DukewillNukem
ID: 39867555
thx for the reply. how about alerts and warnings? i also need something that can display me statistics,say for the last 6 months how many threats we had,etc.
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 39867624
Nagios for sure. It can send email alerts and warning and can even be configured to send SMS if you have the sms text message gateway setup. It store statistics until your hard drive gets full. My nagios on a 40GB data drive had 3 years worth of logs before I have to clear space. I monitor about 40 locations and 2 data centers so its probably 250 to 300 unique hosts that I monitor
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39868874
Nagios is not a SIIEM, while it can be configured to alert on so many things, log input is one of those things but that doesn't make it a correlation engine like other SIEM products.

Nagios sounds more like what you want, and it costs sooo much less than anything else.
-rich
0
 

Author Comment

by:DukewillNukem
ID: 39869664
thx for the tip. however,we need a tool with SIEM capabilities. does nagios fulfill that?
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39870077
It does not. Splunk, LogRythm or AlienVault would be SIEM. AlienVault is closest to Nagios with it's roots in Opensource. SIEM's aren't all that great in themselves, most end up only being used as log search engines, being more retroactive than proactive. If you get one make sure you use it proactively. I have 12 clients that don't and they spend too much money to just have a log aggregation+search. They are all capable of much much more, and you are going to pay for it, so use it as best you can!
-rich
0
 

Author Comment

by:DukewillNukem
ID: 39870579
so,is Splunk then SIEM or not? if yes,where is this proved? i need 100% sure proof,otherwise we will not be using it
0
 
LVL 34

Accepted Solution

by:
Dan Craciun earned 250 total points
ID: 39870588
You can read what the Splunk people say about it: https://www.splunk.com/web_assets/pdfs/secure/Splunk_as_a_SIEM_Tech_Brief.pdf

HTH,
Dan
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39870632
It is a SIEM, but you should never use anything until you get a Proof of Concept going. The Vendors will give you a license for free to use the product for a few days, weeks or months, you have to contact their sales staff to get the details. Also note you need to know your logs before you go with a vendor or SIEM. Splunk hates binary logs, so you could have trouble using them against SQL-Trace logs for example. There aren't that many binary logs out there, but you need to make sure the product can digest them if you have them.

As for the Dashboard or setup of the GUI, you have to customize most yourself, either by making saved quries or by editing a few items of html. Customization tends to be extra when dealing with most monitoring products, get the details of that up front.
-rich
0
 

Author Comment

by:DukewillNukem
ID: 39870778
we would use it for security alerts and warnings our network-devices (cisco,sourcefire,ISA,etc.) do produce.
instead of having just a mail which will be rarely not readen at all, i want to have alerts nicely displayed in a GUI
0
 

Author Comment

by:DukewillNukem
ID: 39884992
so,bettween all those tools, Splunk would fulfill all our needs,incl. SIEM capabilities?
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39885449
Kinda... make sure you get a PoC for anything you want to try, you will be choosing between the lesser of the evils here. Not one tool here does everything you are asking for out of the box, they will all need to be customized.
Also note that if you are using Snort or Suricata for your IDS, and the logs contain hex encodings, Splunk will be useless at displaying packet payloads. You need to have Barnyard2 export the logs to ASCII only, and then splunk can digest and display the alerts, but the payload will be missing.
You won't spot that until you Demo or PoC these tools. While Nagios can search logs just fine, that isn't the only thing a SIEM does. Also SIEM's often don't come with alert's pre-made, you have to make them or pay for them. Bottom line is to get each product tested and see what fits best for you needs, you may need more than one, most of us do.
-rich
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How safe is emailing credit card information? 10 77
I wonder how people fake their ip address? 3 39
fb messenger security and privacy 15 62
User Level Security 6 38
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question