Collecting Logs from Security Devices at Home

Discussion in 'other security issues & news' started by ronjor, Dec 2, 2012.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    https://isc.sans.edu/diary.html?storyid=14614
     
  2. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    I've worked with Splunk/ArcSight in the past, they I feel would not be best used in a home environment as they are primary used for data collection/analysis across small/medium cloud/network environments with many nodes. Also splunk trial I believe charges based on certain amount of data processed after n time. Unless that has change since I worked with it last. Not to mention both these solutions require some sql knowledge to query results.

    For home users, setting up simple logging server with just their native linux distros should be sufficient.
     
  3. BrandiCandi

    BrandiCandi Guest

    Totally agree, unless the home user is a megageek.
    Nope, hasn't changed, although the amount of data a home user would generate would probably be free. For enterprises the costs add up quickly if they've got lots of endpoints.

    Maybe I'm a curmudgeon, but here's my thought. Great, so home users can aggregate logs. Super. What on earth are they supposed to do with them? Are there really home users out there that comb through their logs on any kind of regular basis? You could set thresholds and be emailed if events occur. But without some serious networking knowledge, I can't imagine this would end up being useful for any home user. If anything it would freak them out to see China scanning their IP 10 times a day, when really it's normal and the router firewall blocks it all.

    I would NOT recommend log aggregation to any home user unless they wanted to be professional network or security engineers. Log collection would discourage and/or scare the crap out of anyone who can't make sense out of the logs.
     
  4. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    I agree. While log aggregation is great for enterprise level analysis, a home user will never generate the amount of data to make such a collection process worthwhile. If I recall correctly the last time I worked with log aggregation, we were dealing with a cloud environment that was collecting ~40 petabytes of log data annually. If a home user is generating that much syslog data I stand corrected (Not to mention terrified).

    For home users as I stated above a simple log server monitoring for some thresholds to generate alerts would be sufficient.
     
Loading...
Thread Status:
Not open for further replies.