Educause Security Discussion mailing list archives
Re: Log management
From: Nick Lewis <lewisnic () ACM ORG>
Date: Wed, 31 Jan 2007 18:12:58 -0500
To get around the access control issues, we set up multiple instances of Splunk on the same server running on different ports.

Nick

----- Original Message -----
From: "Isaac Straley" <straley () UCI EDU>
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Wednesday, January 31, 2007 10:47 AM
Subject: Re: [SECURITY] Log management

I, from a personal viewpoint, really like Splunk. It's got great indexing, a variety of input methods, and easy-to-use search and correlation capabilities. My only real beef with it currently is the access control system. It's very basic with three roles which mainly revolve around the ability to add inputs and alerts. This is not bad in a very small or controlled environment, but depending on your definition of "centralized" this can create problems if you want to limit access to view (or even list) some or all of the logs.

My understanding from talking to their reps is a better access control system is in development, but it's some time away. There was supposed to be a release which made some progress in this area but unless I have missed something, they have not done it yet. If this is not a problem for your environment, Splunk is well worth looking at.

Isaac

--
Isaac Straley
Manager, IT Security
Network & Academic Computing Services
University of California, Irvine
straley () uci edu
(949) 824-1471

Jeff Giacobbe wrote:

Charles-

I've heard good things about Splunk (splunk.org) though I haven't really kicked the tires myself yet. Splunk can index and search all kinds of system and network log data in near real-time and has some alerting functions as well. It's free for up to 500MB of log data per day. More than that requires a license.

--
Jeff Giacobbe
Director of Systems, Security, and Networking
Montclair State University