Re: Syslog parsing

["Jenkins, Matthew" <mjenkins7 () FAIRMONTSTATE EDU>]

Have you seen any performance downsides to Kiwi?  Or is the professional version more efficient than the shareware 
version?  I tested Kiwi once with a couple firewalls and a dozen or so servers.  It used a ton of CPU on the server I 
was running it on (dual 2.8 Xeon).

I found a bunch of hits while searching SourceForge.  One commercial product that came up in their ads was ManageEngine 
EventLog Analyzer.  Maybe that would help?

http://manageengine.adventnet.com/products/eventlog/index.html

Is anyone using Splunk for syslog viewing?  I have seen it advertised quite a bit on SourceForge.

Matt

Matthew Jenkins
Network/Server Administrator
Fairmont State University
304.367.4955
Visit us online at www.fairmontstate.edu
________________________________________
From: Justin Dover [mailto:Dover () HARPETHHALL ORG] 
Sent: Tuesday, April 25, 2006 11:32 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Syslog parsing

Kiwi syslog is great.  The prof. version has tons of options, easy to use and not too $$$.

Justin Dover
Harpeth Hall School
615-346-0082

The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on Tuesday, April 25, 2006 at 10:21 
AM -0600 wrote:
We are in the process of engineering more robust and centralized logging to
central syslog servers.  Problem is, once you have gigs and gigs of data,
how do you parse it effectively and efficiently?  

We've looked at a lot of the common open-source parsers out there and
haven't been too impressed.  Anyone know of a good syslog (or syslog-ng)
parser (free or commercial), or developed one in-house?  

The features that we care most about are:

*       Robust slicing of information across different categories (machine
name, IP, event ID, etc.)
*       Correlation capabilities
*       Easy of use (preferably a web GUI, etc. for use by the lowest common
denominator)
*       Low FTE requirements!!!

Thanks in advance.