Have you taken a look at:

http://www.sans.org/security-resources/top5_logreports.pdf?ref=3766

Also, if your collecting network traffic, its always nice to see things like workstations/endpoints creating the highest traffic volume, workstations that are utilizing banned protocols, etc. etc.


--
Ziggy

In my experience, execs like to see security related to dollars.   They react better when you are prepared to tell them:

a.  how much is it going to cost us?
b.  what is the potential cost if we don't do this?

I think that if you put security in the terms of risk analysis, they will respond better to your presentation.   

I think that charts and graphs are an excellent idea, especially if they rating the security issues in terms of cost, risk, and impact.

These are just my two cents.

Downloading now, Don.  I put your site and you as the person who referred me to this solution.

Thanks to you as well, Ketchup!  Good ideas to go off of.  I am going to start this today and see how it goes.

I can't believe I didn't think of Splunk. I use the free version of Splunk as well, but I love it!

We use it with syslog-ng on our Solaris/RedHat servers for our log server. We've also incorporated all our Cisco logging, and a few of our Windows servers (with Snare). We are soon to start incorporating Apache and Weblogic logs to our implementation.

Splunk is awesome!!! Its not so intuitive to configure, but its VERY intuitive to use through the GUI once setup. The commercial version is not that expensive (depending on how much throughput you need) to boot...

--
Ziggy

Well, Splunk has been scrapped.  The cost is too high for us to use and I will have to find a clever way to do this and am thinking I may leverage what I already have internally.  Thanks for the help as always!

Sweet....I will take a gander at that.  I appreciate that.

WOW!  I'd say a couple of them would do the trick.  I will have to demo it and see what pricing is like.