No subject

meets my requirements or desires - but some come close. Different products
have different focus, and any product that claims to do it all, likely
doesn't understand the space.

Many folks swear by Splunk, think it is awesome - but I think its more
geared toward generic log aggragation and searching instead of pure SIM/SEM=
.
My notes here on Splunk are from around April 2008, and they have extremely
improved the product since then.

Pro:
Platform independent
Database direct queries
Fast drill downs
Traditional search bar functionality (like Google)
Public log message repository

Con:
Pricing based on database input speeds
MySQL back end, unknown if there are other options
Brand new product, not reviewed by publishers, minimal information on web
Lacking in ad hock reporting
Some of the functionality requires off site resources (Public log message
repository)
Good open source & information sharing, not good for a classified
environment
Not as robust as other solutions in the version tested.
Early in the product development, suggest reevaluation after a few version
releases.

Other info:
Application demo available online
Configured a text box locally for an evaluation & review. Setup and
evaluation was great, but we feel it is not as robust or has the essential
elements for the task in the version tested.


Other options (products) I know of:
- Enterprise Security Analyzer (ESA) from EIQ networks
- Security Center 3.0, Log Correlation Engine, & passive vulnerability
scanner from Tenable Network Security
- ELM Enterprise Manager=994.0 from TNT Software
- Splunk
- Novell Sentinel 5
- Sensage
- Activeworkx Security Center =96 CrossTec Corporation
- eTrust Security commend center
- Eventia Analyzer 2.0 by Checkpoint
- Insight Security manager by Consul
- Intellitactics
- Security Management Center (SMC) by OpenService
- ArcSight Enterprise Security Manager (ArcSight ESM)
- Big Brother Log Analyzer (BBLA)
- Doriansoft
- Event Tracker by Prism Microsystems
- fwlogwatch
- Kiwi Syslog
- LogCaster, from Rippletech
- MARS 200 and SIMS (CiscoWorks) =96 Cisco
- Metalog
- Modular Syslog (Msyslog)
- MonitorWare Line, from Adiscon
- NetIQ
- nsyslog
- Open Source Host-based Intrusion Detection System (OSSEC HIDS)
- Open Source Security Information Management (OSSIM)
- rsyslog
- San Diego Supercomputer Center (SDSC) Secure Syslog
- Security Event Log Monitor (S.E.L.M.) by GFI LANguard
- Syslog New Generation (Syslog-ng)
- WinSyslog
- The Simple Event Correlator -
http://www.estpak.ee/~risto/sec/<http://www.estpak.ee/%7Eristo/sec/>
- Lasso -  http://blog.loglogic.com/project_lasso/

The appliance types:
- enVision by Network Intelligence
- HighTower Security Event Manager
- LogLogic
- Q1 Labs QRadar
- Snare Server from InterSect Alliance
- Symantec - SIM 9500 Series
- TriGeo

Does all this help, or did just make your life worse? :) Hope this helps! :=
)