PaulDotCom mailing list archives
your log management tools of choice?
From: chris.bentley at sky.com (Chris Bentley)
Date: Tue, 9 Jun 2009 11:57:10 +0100
http://www.loganalysis.org/

The above site has some good information on the use of log analysis and some of the tools that can be used. Sorry if it's already been posted.

2009/6/9 Keith Pawson <keith at winnetworks.com>:

One more thing you might want to look at that I have used for the past 8 months is phpLogCon, which is free/open source and supports Syslog, Win EventLog and SNMP trap data, see: http://www.phplogcon.org/

Although it does not seem to scale well with huge amounts of data (for me), it is doing the job with several firewalls, switches and Linux boxes sending all their Syslog info to it. I'm using it on a Debian LAMP server and I just archive the DB every quarter and start fresh. I guess you could use Splunk for heavy analysis and looking at the archive data and phpLogCon for everyday checking.

From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Andrew Anderson
Sent: Saturday, 6 June 2009 05:17
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] your log management tools of choice?

Thank you all for your thoughts.... I am partial to open source for now. I need to be able to show some value before looking for a budget on this one (other than my time). It sounds like the consensus is pointing to Splunk as a good starting point. I do use Aanval on my IDS boxes and should probably look at it for this... I wanted to get some opinions first though.

On Fri, Jun 5, 2009 at 12:27 PM, scott burkhart <burkhart.scott at gmail.com> wrote:

A previous poster mentioned Cisco MARS. I utilize a MARS device and can highly recommend it. We process over 30 million events (firewall logs, Windows event logs, Linux logs, router logs) a day and it makes short work of analyzing data. Used Splunk (still actually use Splunk installed locally as needed) for a while and it worked great as well.

On Fri, Jun 5, 2009 at 1:06 PM, Michael Douglas <mick at pauldotcom.com> wrote:

If you're not opposed to commercial products, I can highly recommend LogRhythm. It's quite powerful, yet easy to use. Note that with any log analyzer, the setup is a pain.

- Mick

On Fri, Jun 5, 2009 at 1:58 PM, John Lowry <johnlowry at gmail.com> wrote:

I really like using OSSEC on my syslog machine to scan for EOI for me and alert me when stuff happens. I then use Splunk for searching through those events.

Paul Asadoorian wrote:

Splunk was one of those tools that got popular after I left the university. I think we need to do a tech segment on it as it's been highly recommended by many.

Cheers,
Paul

Russell Butturini wrote:

Commercial or open source? For commercial we like Cisco's CS-MARS, but that's a big investment. Free tools, Splunk is pretty darn good.

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

--
Andrew Anderson
andrew at a2-technologies.com, andycapp92 at gmail.com
403.827.3802 403.249.4278
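The split John Lowry describes in the thread above, a scanner (OSSEC) that watches syslog for events of interest and alerts, with Splunk kept for ad hoc searching, is the usual division of labour. The Python below is an added illustration of the "events of interest" half and is not OSSEC's code or anything posted to the list: it implements one single-event rule (a root command run through sudo) and one frequency rule with a sliding time window (repeated failed SSH logins from one source address), run over constructed sample syslog lines. The threshold, the window length, the sample lines and the rule names are all assumptions chosen for the example.

```python
"""Minimal OSSEC-style 'events of interest' scanner for BSD-syslog lines.

Added example, not OSSEC's code: one single-event rule plus one
frequency rule with a sliding window, run over constructed sample lines.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample syslog lines (not from the thread). BSD syslog omits the
# year, so parse_line() pins one when building timestamps.
SAMPLE_LOG = """\
Jun  9 11:57:01 gw sshd[2210]: Accepted publickey for ops from 192.0.2.10 port 51022 ssh2
Jun  9 11:57:05 gw sshd[2212]: Failed password for invalid user admin from 203.0.113.5 port 4422 ssh2
Jun  9 11:57:06 gw sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 4423 ssh2
Jun  9 11:57:08 gw sshd[2214]: Failed password for root from 203.0.113.5 port 4424 ssh2
Jun  9 11:57:09 gw sshd[2215]: Failed password for root from 203.0.113.5 port 4425 ssh2
Jun  9 11:57:12 gw sshd[2216]: Failed password for root from 203.0.113.5 port 4426 ssh2
Jun  9 11:58:40 gw sudo:      ops : TTY=pts/0 ; PWD=/home/ops ; USER=root ; COMMAND=/bin/cat /etc/shadow
Jun  9 12:05:00 gw sshd[2300]: Failed password for root from 198.51.100.7 port 3001 ssh2
Jun  9 12:20:00 gw sshd[2301]: Failed password for root from 198.51.100.7 port 3002 ssh2
"""

# "Mon DD HH:MM:SS host prog[pid]: message" (pid optional, as for sudo)
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s*(?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
SUDO_RE = re.compile(r"USER=root ; COMMAND=(?P<cmd>.+)$")

# Frequency rule parameters (assumed values): N failures from one source
# address within WINDOW seconds count as a brute-force attempt.
BRUTE_FORCE_THRESHOLD = 5
BRUTE_FORCE_WINDOW = 60


def parse_line(line, year=2009):
    """Parse one BSD-syslog line into a dict, or return None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # strptime treats a space in the format as "one or more whitespace",
    # so the double space in "Jun  9" is accepted.
    rec["time"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
    return rec


def scan(text):
    """Return the list of (rule, host, detail) alerts raised over the syslog text.

    Lines are processed in order. A per-source deque holds the timestamps of
    recent failed logins; entries older than the window are dropped, and a
    source is alerted on once when it crosses the threshold rather than on
    every later failure in the same burst.
    """
    alerts = []
    recent = defaultdict(deque)      # source ip -> failure timestamps in window
    already_alerted = set()

    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue                 # unparseable line: skip rather than crash
        msg = rec["msg"]

        # Single-event rule: any command run as root through sudo is of interest.
        m = SUDO_RE.search(msg)
        if rec["prog"] == "sudo" and m:
            alerts.append(("sudo_root", rec["host"], m.group("cmd").strip()))

        # Frequency rule: repeated failed SSH logins from one source address.
        m = FAILED_RE.search(msg)
        if rec["prog"] == "sshd" and m:
            ip = m.group("ip")
            window = recent[ip]
            window.append(rec["time"])
            while (rec["time"] - window[0]).total_seconds() > BRUTE_FORCE_WINDOW:
                window.popleft()
            if len(window) >= BRUTE_FORCE_THRESHOLD and ip not in already_alerted:
                already_alerted.add(ip)
                alerts.append(("ssh_bruteforce", rec["host"], ip))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

On the sample lines the scanner raises exactly two alerts: the burst of five failures from 203.0.113.5 within seven seconds, and the sudo read of /etc/shadow. The two failures from 198.51.100.7 are fifteen minutes apart, so the window has emptied by the second one and nothing fires; that is the difference between a frequency rule and a plain pattern match, and it is what keeps an alerting system from paging on every single mistyped password.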
Current thread:
- your log management tools of choice?, (continued)
- your log management tools of choice? Jim Halfpenny (Jun 05)
- your log management tools of choice? Paul Asadoorian (Jun 05)
- your log management tools of choice? Nicholas B. (Jun 05)
- your log management tools of choice? Russell Butturini (Jun 05)
- your log management tools of choice? Paul Asadoorian (Jun 05)
- your log management tools of choice? John Lowry (Jun 05)
- your log management tools of choice? Michael Douglas (Jun 05)
- your log management tools of choice? scott burkhart (Jun 05)
- your log management tools of choice? Andrew Anderson (Jun 05)
- your log management tools of choice? Keith Pawson (Jun 08)
- your log management tools of choice? Chris Bentley (Jun 09)
- your log management tools of choice? Jack Daniel (Jun 09)
- your log management tools of choice? William Hooper (Jun 09)
- your log management tools of choice? Jody & Jennifer McCluggage (Jun 09)
- your log management tools of choice? Paul Asadoorian (Jun 05)
- your log management tools of choice? Jim Halfpenny (Jun 05)
- your log management tools of choice? Ron Gula (Jun 10)
- your log management tools of choice? Tim Mugherini (Jun 05)
- your log management tools of choice? Nicholas B. (Jun 06)
- your log management tools of choice? Ron Gula (Jun 07)