AO contribution could be helpful around here!
I'm looking for an open source tool that does log correlation.
Just to clarify, let's take an example.
The network is composed of 2 segments:
1- Internal (traffic flows that require an internet connection go through the DMZ...)
2- DMZ
Both segments are protected by a firewall (iptables for Linux fans) and by a NIDS (Snort -> rule based).
DMZ servers are monitored by a host IDS.
What I'm looking for is a tool that centralizes & correlates all logs to give a synthetic view of what is going on. An obvious case is, for instance, a simple TCP port DoS attack that could be detected by many IDSs, but getting several logs for the same event pollutes the admin view.
Any ideas, folks?
For those that are interested in correlation, read this http://www.cs.umass.edu/Dienst/Repos...014/postscript
or this http://www.securityfocus.com/infocus/1231
I found one on sourceforge but there is nothing dev yet and it started in 2001... (snif!)
http://sourceforge.net/projects/opencorrelation/
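An added example (not from the original post, nor code from any tool mentioned in it) of the kind of correlation asked for above: three constructed alerts from snort, iptables and a host IDS for one port flood are normalised to a common shape and merged into a single event keyed on source, destination and port within a time window, so the admin sees one line instead of three. The log formats and the "hids" sensor name are assumptions, not the real output of those tools.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not real sensor output): one SYN flood seen by
# three sensors within a few seconds, plus one unrelated firewall drop.
SAMPLE_LOGS = [
    "2001-03-04 10:00:01 snort [1:100:1] SYN flood 10.1.1.5 -> 192.168.2.10:80",
    "2001-03-04 10:00:02 iptables DROP SRC=10.1.1.5 DST=192.168.2.10 DPT=80",
    "2001-03-04 10:00:04 hids synflood src=10.1.1.5 dst=192.168.2.10 port=80",
    "2001-03-04 10:09:00 iptables DROP SRC=10.1.1.9 DST=192.168.2.11 DPT=22",
]

# One regex per sensor (assumed formats); each yields timestamp, src, dst, port.
PARSERS = {
    "snort":    re.compile(r"^(\S+ \S+) snort .*? (\S+) -> (\S+):(\d+)$"),
    "iptables": re.compile(r"^(\S+ \S+) iptables .*?SRC=(\S+) DST=(\S+) DPT=(\d+)"),
    "hids":     re.compile(r"^(\S+ \S+) hids .*?src=(\S+) dst=(\S+) port=(\d+)"),
}

def normalise(line):
    """Map a raw sensor line to a common event dict, or None if unrecognised."""
    for sensor, rx in PARSERS.items():
        m = rx.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            return {"ts": ts, "sensor": sensor, "src": m.group(2),
                    "dst": m.group(3), "port": int(m.group(4))}
    return None

def correlate(lines, window=timedelta(seconds=60)):
    """Merge events sharing (src, dst, port) and seen within `window` of each other."""
    events = sorted(filter(None, map(normalise, lines)), key=lambda e: e["ts"])
    merged = []
    for e in events:
        key = (e["src"], e["dst"], e["port"])
        for m in merged:
            if m["key"] == key and e["ts"] - m["last"] <= window:
                m["last"] = e["ts"]            # extend the event's time span
                m["sensors"].add(e["sensor"])  # record which sensor also saw it
                m["count"] += 1
                break
        else:  # no open event matched: start a new consolidated one
            merged.append({"key": key, "first": e["ts"], "last": e["ts"],
                           "sensors": {e["sensor"]}, "count": 1})
    return merged

def summarise(merged):
    """One human-readable line per consolidated event for the admin view."""
    return [f"{m['first']:%H:%M:%S} {m['key'][0]} -> {m['key'][1]}:{m['key'][2]} "
            f"seen by {', '.join(sorted(m['sensors']))} ({m['count']} raw alerts)"
            for m in merged]

if __name__ == "__main__":
    print("\n".join(summarise(correlate(SAMPLE_LOGS))))
```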