I recently started at an IT support company and part of my remit is to review the company’s network monitoring system, PacketTrap. This software reports very well on network performance but the operations manager doesn’t like the reports it produces for security logs. Some security log reports are short, about 5 pages, and some are very long, 40-100 pages, depending on how large the company that we monitor is. What makes the reports long is events that happen multiple times, and PacketTrap has no way of grouping/condensing duplicate events.
I’ve written an Excel macro that will delete the duplicate events but then you can’t see how many times that event happened, i.e. 20 failed login attempts from user x.
Does anyone have any suggested monitoring platforms that can summarise duplicate security events? I’ve already shown my boss (operations manager) EventLog Analyzer from ManageEngine but he’s hesitant to buy something that does one small thing.
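Added example, not part of the original post and not PacketTrap code: one way to condense duplicate security events while keeping the count the Excel macro loses, plus first and last occurrence. It assumes the report can be exported to CSV; the column names and sample rows are constructed for illustration.

```python
import csv
import io

# Constructed sample export. Column names are assumptions, not PacketTrap's real format.
SAMPLE_CSV = """timestamp,host,event_id,user,message
2013-05-01 08:00:01,DC01,4625,userx,An account failed to log on
2013-05-01 08:00:09,DC01,4625,userx,An account failed to log on
2013-05-01 08:00:15,DC01,4625,userx,An account failed to log on
2013-05-01 08:02:40,DC01,4740,userx,A user account was locked out
2013-05-01 09:15:00,FS02,4625,usery,An account failed to log on
2013-05-01 09:30:12,DC01,4625,userx,An account failed to log on
"""

# Fields that decide whether two events count as "the same" event.
KEY_FIELDS = ("host", "event_id", "user", "message")


def load(text):
    """Parse CSV text into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def summarise(rows, key_fields=KEY_FIELDS):
    """Collapse duplicates into one row each with count, first_seen, last_seen."""
    groups = {}
    for row in rows:
        key = tuple(row[f].strip() for f in key_fields)
        ts = row["timestamp"].strip()  # assumed sortable as text (YYYY-MM-DD HH:MM:SS)
        g = groups.setdefault(
            key, dict(zip(key_fields, key), count=0, first_seen=ts, last_seen=ts))
        g["count"] += 1
        g["first_seen"] = min(g["first_seen"], ts)
        g["last_seen"] = max(g["last_seen"], ts)
    # Noisiest events first, so repeated failures sit at the top of the report.
    return sorted(groups.values(), key=lambda g: (-g["count"], g["first_seen"]))


if __name__ == "__main__":
    for g in summarise(load(SAMPLE_CSV)):
        print(f'{g["count"]:>4}  {g["host"]:<5} {g["event_id"]:<5} {g["user"]:<6} '
              f'{g["first_seen"]} -> {g["last_seen"]}  {g["message"]}')
```

Dropping `message` or `host` from `KEY_FIELDS` groups more coarsely, for example all failed logons per user across every monitored host.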