Educause Security Discussion mailing list archives
Re: Syslog parsing
From: Steve Lovaas <steven.lovaas () COLOSTATE EDU>
Date: Tue, 25 Apr 2006 10:44:51 -0600
Take a look at SPLUNK as well: http://www.splunk.com/ Steve Lovaas Justin Dover wrote:
[ http://www.kiwisyslog.com/index.php ]Kiwi syslog is great. The prof. version has tons of options, easy to use and not too $$$. Justin Dover Harpeth Hall School 615-346-0082 The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on Tuesday, April 25, 2006 at 10:21 AM -0600 wrote:We are in the process of engineering more robust and centralized logging to central syslog servers. Problem is, once you have gigs and gigs of data, how do you parse it effectively and efficiently? We've looked at a lot of the common open-source parsers out there and haven't been too impressed. Anyone know of a good syslog (or syslog-ng) parser (free or commercial), or developed one in-house? The features that we care most about are: * Robust slicing of information across different categories (machine name, IP, event ID, etc.) * Correlation capabilities * Easy of use (preferably a web GUI, etc. for use by the lowest common denominator) * Low FTE requirements!!! Thanks in advance.
Current thread:
- Syslog parsing Penn, Blake (Apr 25)
- <Possible follow-ups>
- Re: Syslog parsing Justin Dover (Apr 25)
- Re: Syslog parsing Steve Lovaas (Apr 25)
- Re: Syslog parsing Jenkins, Matthew (Apr 25)
- Re: Syslog parsing Keith Schoenefeld (Apr 25)
- Re: Syslog parsing Justin Dover (Apr 25)
- Re: Syslog parsing Christopher Arnold (Apr 25)
- Re: Syslog parsing Greg Vickers (Apr 25)