Educause Security Discussion mailing list archives
Re: Log Management
From: Justin Azoff <JAzoff () UAMAIL ALBANY EDU>
Date: Fri, 5 Mar 2010 10:51:33 -0500
On Fri, Mar 05, 2010 at 10:11:24AM -0500, Hammond, Stanley wrote:
> The other option I tested was Splunk, which I liked, but because it accesses Windows systems using WMI it looked like some of the Windows virtual machines took a performance hit (according to our Technical Director).
I have a feeling that the problem you ran into was that you had the "Windows" app enabled, which aggressively logs many things you probably don't care about, like CPU or memory usage. The "Unix" app does the same thing.

If disabling all of the extras in the Windows app doesn't help, or you really don't want to run Splunk on the servers, you could set it up using:

    Windows+snare -> syslog+splunk forwarder -> splunk indexer

instead of

    Windows+splunk forwarder -> splunk indexer

However, if you do that you lose some of the benefits of having the forwarder running on the box itself.

--
Justin Azoff
Network Security & Performance Analyst
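The two setups described in the reply, written out as Splunk configuration stanzas. This is an added illustration, not configuration from the thread or from the Splunk or Snare projects; the `perfmon://` and `WinEventLog://` stanza names follow the inputs.conf syntax of later Splunk releases, so the exact stanza names shipped by the 2010 "Windows" app may differ, and the indexer host name is a placeholder.

```ini
# --- Option A: Splunk forwarder on the Windows host (inputs.conf) ---
# The "Windows" app turns on performance-counter polling like this.
# Leaving it enabled is what drives the WMI/perfmon load on the VMs;
# set disabled = 1 to keep the forwarder but drop the resource metrics.
[perfmon://CPU]
object = Processor
counters = % Processor Time
instances = *
interval = 10
disabled = 1

[perfmon://Memory]
object = Memory
counters = Available MBytes; Pages/sec
interval = 10
disabled = 1

# Keep the security-relevant inputs: the event logs themselves.
[WinEventLog://Security]
disabled = 0

[WinEventLog://System]
disabled = 0

# --- Option B: Windows+snare -> syslog host running a forwarder ---
# inputs.conf on the syslog host: Snare ships event-log records over
# syslog (UDP/514 by default), so the forwarder only listens; nothing
# runs on the Windows box except the Snare agent.
[udp://514]
sourcetype = snare
connection_host = ip
disabled = 0

# outputs.conf on the forwarder (both options): ship to the indexer.
# "indexer.example.edu" is a placeholder host name.
[tcpout]
defaultGroup = indexers

[tcpout:indexers]
server = indexer.example.edu:9997
```

In option B the forwarder can no longer tag events with the originating host's own metadata or read logs Snare does not forward, which is the trade-off the reply points out.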