nanog mailing list archives
Re: events
From: Kevin Kadow <kkadow () gmail com>
Date: Sat, 1 Oct 2011 00:39:49 -0400
On Fri, Sep 30, 2011 at 2:44 PM, Ukpong Ukpong <ukpong.ukpong () gmail com> wrote:
> Have you tried qradar? It's rather good

I've used Splunk and QRadar; both are available as free VMware appliances with limitations on log volume, sufficient for testing. Or if you're mostly looking at webserver/proxy/firewall logs, Sawmill is worth checking out.

I've also been looking into using Lancope's replicator to take in syslog UDP and send copies to multiple loggers, since some appliances only support a single syslog destination.

Kevin