Educause Security Discussion mailing list archives
Re: Log management
From: Chris Green <cmgreen () UAB EDU>
Date: Wed, 31 Jan 2007 09:37:46 -0600
Can Splunk deliver automated reports? Last I played with it, it seemed like something that might be good for people to go troubleshoot an issue but not something that could easily automate reporting on specific activities. I had the same problem after viewing an ArcSight demo for their Logger device. Seems great for centralizing, bad for automated reporting. I'm explicitly not looking for something that does real-time alerting à la OSSEC for many of these things.
-----Original Message-----
From: Alex Campoe [mailto:campoe () USF EDU]
Sent: Wednesday, January 31, 2007 8:26 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Log management

We are in the process of deploying Splunk within our environment. I experimented with a handful of machines and was very impressed with the search features, allowing us to correlate, for instance, brute force SSH attempts from remote machines across the machines covered easily. Definitely worth a look.