A Framework to Collect Security Events for Intrusion Analysis
It becomes a problem when you have several firewalls, intrusion sensors or servers and, to top it off, not all firewalls and intrusion sensors generate logs in a standard format. This means you may need several tools to analyze the data, maybe even one tool per device per vendor. This can be a mess....