Educause Security Discussion mailing list archives
Re: Syslog parsing
From: Justin Dover <Dover () HARPETHHALL ORG>
Date: Tue, 25 Apr 2006 12:38:32 -0500
I run it on a 3 GHz desktop PC. I collect syslog from my Cisco ASA5510, my Cisco content engine, my Cisco router, my UPSes, and a few other devices. I never notice any slowness. It has tons of logging features, rules, etc. I can parse out words, numbers, IPs, MACs, etc. and put them into separate log files that rotate each day, week, month, whatever I want. I am not sure if it is the best but it works well for me. I only use it a few times per month though.

Justin Dover
Harpeth Hall School
615-346-0082

The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on Tuesday, April 25, 2006 at 11:48 AM -0600 wrote:
Have you seen any performance downsides to Kiwi? Or is the professional version more efficient than the shareware version? I tested Kiwi once with a couple firewalls and a dozen or so servers. It used a ton of CPU on the server I was running it on (dual 2.8 Xeon).