Educause Security Discussion mailing list archives

Re: Syslog parsing


From: Steve Lovaas <steven.lovaas () COLOSTATE EDU>
Date: Tue, 25 Apr 2006 10:44:51 -0600

Take a look at SPLUNK as well:

http://www.splunk.com/

Steve Lovaas

Justin Dover wrote:
Kiwi syslog ( http://www.kiwisyslog.com/index.php ) is great.  The prof. version has tons of options, easy to use and
not too $$$.

Justin Dover
Harpeth Hall School
615-346-0082

The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on Tuesday, April 25, 2006 at 
10:21 AM -0600 wrote:
We are in the process of engineering more robust and centralized logging to
central syslog servers.  Problem is, once you have gigs and gigs of data,
how do you parse it effectively and efficiently?

We've looked at a lot of the common open-source parsers out there and
haven't been too impressed.  Anyone know of a good syslog (or syslog-ng)
parser (free or commercial), or developed one in-house?

The features that we care most about are:

*    Robust slicing of information across different categories (machine
name, IP, event ID, etc.)
*    Correlation capabilities
*    Ease of use (preferably a web GUI, etc. for use by the lowest common
denominator)
*    Low FTE requirements!!!

Thanks in advance.
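The two features at the top of the original poster's list, slicing a raw syslog stream into fields (machine name, IP, event ID) and correlating across those fields, can be shown in a few dozen lines. The following is an added Python example written for this archive page; it is not code from the thread or from any of the products mentioned in it. The log lines are constructed for the example, the regexes assume BSD/RFC 3164-style lines, and the "auth failure" markers and the alert threshold are assumptions a real deployment would tune.

```python
import re
from collections import defaultdict

# Constructed sample input in BSD/RFC 3164 style (not real log data).
SAMPLE_LOG = """\
Apr 25 10:21:03 webhost1 sshd[2112]: Failed password for invalid user admin from 192.0.2.44 port 51122 ssh2
Apr 25 10:21:05 webhost1 sshd[2112]: Failed password for invalid user admin from 192.0.2.44 port 51130 ssh2
Apr 25 10:21:09 dbhost2 sshd[988]: Failed password for root from 192.0.2.44 port 51140 ssh2
Apr 25 10:21:11 dbhost2 sshd[990]: Accepted publickey for dba from 198.51.100.7 port 40022 ssh2
Apr 25 10:22:40 fileserver winlog[411]: EventID=4625 Logon failure for user jdoe from 192.0.2.44
Apr 25 10:23:01 webhost1 CRON[2200]: (root) CMD (run-parts /etc/cron.hourly)
"""

# "timestamp host program[pid]: message" -- the pid part is optional.
SYSLOG_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<program>[^\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<message>.*)$"
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EVENT_ID_RE = re.compile(r"\bEventID=(\d+)\b")

# Assumed markers for an authentication failure; extend per log source.
FAILURE_MARKERS = ("Failed password", "Logon failure")


def parse_line(line):
    """Slice one syslog line into named fields; return None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    msg = rec["message"]
    ip = IPV4_RE.search(msg)
    rec["ip"] = ip.group(0) if ip else None
    ev = EVENT_ID_RE.search(msg)
    rec["event_id"] = ev.group(1) if ev else None
    rec["auth_failure"] = any(marker in msg for marker in FAILURE_MARKERS)
    return rec


def parse_log(text):
    """Parse every line of a log blob, silently skipping lines that do not fit the format."""
    records = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            records.append(rec)
    return records


def correlate_failures(records, threshold=3):
    """Group auth failures by source IP across all hosts; flag IPs at or above threshold.

    Returns {ip: {"count": n, "hosts": [sorted hostnames that saw failures]}}.
    """
    by_ip = defaultdict(list)
    for r in records:
        if r["auth_failure"] and r["ip"]:
            by_ip[r["ip"]].append(r)
    alerts = {}
    for ip, recs in by_ip.items():
        if len(recs) >= threshold:
            alerts[ip] = {
                "count": len(recs),
                "hosts": sorted({r["host"] for r in recs}),
            }
    return alerts


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in recs:
        print(r["host"], r["program"], r["ip"], r["event_id"], r["auth_failure"])
    print(correlate_failures(recs))
```

Against the sample, the one source that fails on three different hosts (including the Windows-style EventID=4625 line) is surfaced while the successful key login and the cron entry are ignored; grouping by IP across hosts is exactly the correlation a per-host grep cannot give you.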
