Security event log reports

Joined
2 Mar 2009
Posts
228
Location
republic of Agdgdgwngo
I recently started at an IT support company and part of my remit is to review the company’s network monitoring system, PacketTrap. This software reports very well on network performance but the operations manager doesn’t like the reports it produces for security logs. Some security log reports are short, about 5 pages, and some very long, 40-100 pages, depending on how large the company is that we monitor. What makes the reports long is events that happen multiple times, and PacketTrap has no way of grouping/condensing duplicate events.

I’ve written an Excel macro that will delete the duplicate events but then you can’t see how many times that event happened, i.e. 20 failed login attempts from user x.

Does anyone have any suggested monitoring platforms that can summarise duplicate security events? I’ve already shown my boss (operations manager) EventLog Analyzer from ManageEngine but he’s hesitant to buy something that does one small thing.
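
An added example, not part of the thread and not any poster's code: one way to collapse duplicate security events while keeping the count and the first and last time each was seen, which is what deleting duplicates loses. The CSV column names and the sample rows are constructed assumptions; a real export from the monitoring tool would need its own column mapping.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export; column names are assumptions, not the tool's real format.
SAMPLE_CSV = """timestamp,event_id,user,source,message
2024-03-01 08:00:05,4625,userx,WS-014,An account failed to log on
2024-03-01 08:00:09,4625,userx,WS-014,An account failed to log on
2024-03-01 08:01:30,4625,userx,WS-014,An account failed to log on
2024-03-01 09:15:00,4740,userx,DC-01,A user account was locked out
2024-03-01 10:02:11,4625,usery,WS-020,An account failed to log on
2024-03-01 11:45:52,4625,userx,WS-014,An account failed to log on
"""

KEY_FIELDS = ("event_id", "user", "source", "message")  # what counts as "the same event"
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def summarise(rows):
    """Collapse rows sharing KEY_FIELDS into one entry with count, first and last seen."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for row in rows:
        try:
            seen = datetime.strptime(row["timestamp"].strip(), TIME_FORMAT)
        except (KeyError, ValueError, AttributeError):
            continue  # skip rows with a missing or malformed timestamp
        key = tuple((row.get(f) or "").strip() for f in KEY_FIELDS)
        g = groups[key]
        g["count"] += 1
        g["first"] = seen if g["first"] is None else min(g["first"], seen)
        g["last"] = seen if g["last"] is None else max(g["last"], seen)
    summary = [dict(zip(KEY_FIELDS, key), **g) for key, g in groups.items()]
    # Most frequent events first; ties broken by earliest occurrence.
    return sorted(summary, key=lambda s: (-s["count"], s["first"]))


def summarise_csv(text):
    """Parse CSV text and return the grouped summary."""
    return summarise(csv.DictReader(io.StringIO(text)))


if __name__ == "__main__":
    for s in summarise_csv(SAMPLE_CSV):
        print(f'{s["count"]:>4}  {s["event_id"]}  {s["user"]:<8} {s["source"]:<8} '
              f'{s["first"]:%H:%M:%S}-{s["last"]:%H:%M:%S}  {s["message"]}')
```

Dropping `message` or `source` from `KEY_FIELDS` groups more aggressively, for example one line per user and event ID regardless of workstation.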
 
Associate
Joined
25 Jun 2004
Posts
1,249
Location
Cardiff
I personally would avoid anything ManageEngine produce. We used Applications Manager for years and had nothing but constant issues with it; their support was equally dire!