Re: Syslog parsing

[Keith Schoenefeld <schoenk () UTULSA EDU>]

The folks at yorku.edu mentioned logsurfer+ at the resent Educause SP06
conference.  After discussing it more extensively with them
post-conference, I plan on giving it a serious look.  I believe the
proper link to the program they were using is:

-- KS

Penn, Blake wrote:

> We are in the process of engineering more robust and centralized logging to
> central syslog servers.  Problem is, once you have gigs and gigs of data,
> how do you parse it effectively and efficiently?
>
> We've looked at a lot of the common open-source parsers out there and
> haven't been too impressed.  Anyone know of a good syslog (or syslog-ng)
> parser (free or commercial), or developed one in-house?
>
> The features that we care most about are:
>
> *       Robust slicing of information across different categories (machine
> name, IP, event ID, etc.)
> *       Correlation capabilities
> *       Easy of use (preferably a web GUI, etc. for use by the lowest common
> denominator)
> *       Low FTE requirements!!!
>
> Thanks in advance.
>
>
> ____________________________________________
> Blake Penn, CISSP
> Information Security Officer
> University of Wisconsin-Whitewater
> (p) 262-472-5513 (f) 262-472-1285
> pennb () uww edu | http://www.uww.edu/security/


--
Keith Schoenefeld
Manager of College Computer Services
ENS Computer Services (ECS)
College of Engineering and Natural Sciences
The University of Tulsa
Phone: 918-631-2548
Fax: 918-631-5089