Educause Security Discussion mailing list archives
Re: Syslog parsing
From: Keith Schoenefeld <schoenk () UTULSA EDU>
Date: Tue, 25 Apr 2006 11:58:53 -0500
The folks at yorku.edu mentioned logsurfer+ at the recent Educause SP06 conference. After discussing it more extensively with them post-conference, I plan on giving it a serious look. I believe the proper link to the program they were using is:

-- KS

Penn, Blake wrote:
We are in the process of engineering more robust and centralized logging to central syslog servers. Problem is, once you have gigs and gigs of data, how do you parse it effectively and efficiently? We've looked at a lot of the common open-source parsers out there and haven't been too impressed. Anyone know of a good syslog (or syslog-ng) parser (free or commercial), or developed one in-house? The features that we care most about are:

* Robust slicing of information across different categories (machine name, IP, event ID, etc.)
* Correlation capabilities
* Ease of use (preferably a web GUI, etc. for use by the lowest common denominator)
* Low FTE requirements!!!

Thanks in advance.

____________________________________________
Blake Penn, CISSP
Information Security Officer
University of Wisconsin-Whitewater
(p) 262-472-5513 (f) 262-472-1285
pennb () uww edu | http://www.uww.edu/security/
--
Keith Schoenefeld
Manager of College Computer Services
ENS Computer Services (ECS)
College of Engineering and Natural Sciences
The University of Tulsa
Phone: 918-631-2548 Fax: 918-631-5089
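As an added illustration of the two features Blake asks for (slicing fields out of syslog lines, then correlating across them), here is a small Python parser written for this archive page; it is not code from the thread or from logsurfer+. It assumes BSD-style (RFC 3164) syslog lines and uses constructed sample log lines; the "event ID" and the failed-login correlation rule are assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample of BSD-style syslog lines (RFC 3164 layout), not real logs.
SAMPLE_LINES = """\
Apr 25 11:58:01 webhost01 sshd[2231]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Apr 25 11:58:03 webhost01 sshd[2231]: Failed password for root from 192.0.2.10 port 51236 ssh2
Apr 25 11:58:07 mailhost sshd[910]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Apr 25 11:58:09 webhost01 sshd[2240]: Failed password for root from 192.0.2.10 port 51240 ssh2
Apr 25 11:58:11 webhost01 CRON[2250]: (root) CMD (run-parts /etc/cron.hourly)
this line is not syslog at all
"""

# Header layout: "Mon DD HH:MM:SS hostname program[pid]: message"
HEADER_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) '
    r'(?P<host>\S+) '
    r'(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: '
    r'(?P<msg>.*)$'
)
IPV4_RE = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')

def parse_line(line):
    """Slice one syslog line into fields; return None if it is not a syslog line."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    ip = IPV4_RE.search(rec['msg'])
    rec['src_ip'] = ip.group(0) if ip else None
    # Assumed coarse event id: program name plus the first two words of the message
    rec['event_id'] = rec['prog'] + ':' + ' '.join(rec['msg'].split()[:2])
    return rec

def parse_lines(text):
    """Parse many lines, skipping blank lines and lines that do not match the header."""
    recs = [parse_line(l) for l in text.splitlines() if l.strip()]
    return [r for r in recs if r is not None]

def failed_logins_by_ip(records, threshold):
    """Correlation: count sshd 'Failed password' events per source IP; keep those at or over threshold."""
    counts = defaultdict(int)
    for r in records:
        if r['prog'] == 'sshd' and r['msg'].startswith('Failed password') and r['src_ip']:
            counts[r['src_ip']] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

On the sample above, `failed_logins_by_ip(parse_lines(SAMPLE_LINES), 3)` reports only 192.0.2.10, and the non-syslog line is dropped rather than aborting the run.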