Educause Security Discussion mailing list archives

Re: [Ext] [SECURITY] NagiosLS and CLM recommendations


From: "Biggs, Nathanael" <nbiggs112 () CEDARVILLE EDU>
Date: Wed, 24 Jun 2020 16:58:57 -0400

We use NagiosLS currently (looking to move to Splunk, someday).

Pros:

   - Searches logs using Lucene query language, which can do almost
   everything I've needed it to
   - Performs well for the amount of logs we get (20-30GB/day, keeping 30
   days' worth of indexes open at a time).
   - Can export to CSV, which has come in handy more often than I thought
   it would.
   - Can do simple alerting based on # of records matched on a search over
   a period of time.

Cons:

   - Correctly pulling indexable fields out of non-standard log formats
   (are there any other kinds?) requires a BA in logstash and grok.
   - I've had trouble with the "automated" maintenance that is supposed to
   close and delete old indexes once they've aged out. This just means I have
   to go in once a month to close old indexes (for memory management) and
   delete old indexes (for disk space management).
   - Update/setup process is somewhat manual.
   - Comes with the basic Kibana dashboard panels, but not much else.
   - Documentation could be better.

Basically, if you want a simple log storage and search platform, it's
pretty good for the price. If you're looking for a SIEM, if you need fancy
data analysis or reporting, or if you're not willing to spend several hours
debugging grok patterns to match your non-standard log formats, it might not
be a great fit.





Nathanael Biggs
*Network Analyst*
Information Technology
*Adjunct Professor*
School of Business Administration
*Cedarville University*
o: 937-766-7905
www.cedarville.edu
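The three mechanics Nathanael's reply touches on (grok field extraction from a non-standard format, count-over-a-window alerting, and closing/deleting aged indexes) as one added example. This is not code from the original thread and not Nagios Log Server's or Logstash's own code: it re-implements grok's %{PATTERN:field} expansion on top of Python regexes with a hand-picked subset of the stock pattern names, parses a made-up badge-controller log format, and assumes the usual logstash-YYYY.MM.DD daily index naming. The sample log lines are constructed; the "strict" pattern shows the kind of silent _grokparsefailure that makes grok debugging eat hours.

```python
import re
from datetime import datetime

# Hand-picked subset of the stock grok pattern library (assumption: the real
# library ships hundreds; only the names used below are defined here).
GROK_PATTERNS = {
    "WORD": r"\w+",
    "NOTSPACE": r"\S+",
    "GREEDYDATA": r".*",
    "IPV4": r"(?:\d{1,3}\.){3}\d{1,3}",
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}",
}
_GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_compile(pattern):
    """Expand %{NAME:field} references into one anchored regex with named groups.
    Text outside %{...} is ordinary regex, as in Logstash grok."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        if name not in GROK_PATTERNS:
            raise KeyError(f"unknown grok pattern {name}")
        body = GROK_PATTERNS[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile("^" + _GROK_REF.sub(expand, pattern) + "$")


def parse_lines(lines, pattern):
    """Return (events, failures). Logstash tags non-matching lines
    _grokparsefailure and indexes them unparsed, so fields go missing quietly."""
    rx = grok_compile(pattern)
    events, failures = [], []
    for line in lines:
        m = rx.match(line)
        if m is None:
            failures.append(line)
            continue
        ev = m.groupdict()
        ev["@timestamp"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
        events.append(ev)
    return events, failures


def count_alert(events, predicate, window_seconds, threshold):
    """Sliding-window count alert: earliest timestamp at which at least
    `threshold` events matching `predicate` fall inside `window_seconds`."""
    times = sorted(e["@timestamp"] for e in events if predicate(e))
    lo = 0
    for hi, t in enumerate(times):
        while (t - times[lo]).total_seconds() > window_seconds:
            lo += 1
        if hi - lo + 1 >= threshold:
            return times[lo]
    return None


def index_housekeeping(index_names, today_iso, keep_open_days, keep_days):
    """Split daily indices named logstash-YYYY.MM.DD (assumed naming) into
    those to close (free heap) and those to delete (free disk)."""
    today = datetime.strptime(today_iso, "%Y-%m-%d").date()
    to_close, to_delete = [], []
    for name in sorted(index_names):
        day = datetime.strptime(name.rsplit("-", 1)[1], "%Y.%m.%d").date()
        age = (today - day).days
        if age > keep_days:
            to_delete.append(name)
        elif age > keep_open_days:
            to_close.append(name)
    return to_close, to_delete


# Constructed sample: a fictional badge controller that omits "reason=" on ALLOW.
SAMPLE_LOG = [
    "2020-06-24 16:58:57 badge-ctl[DENY] user=jdoe src=10.1.2.3 door=LIB-EAST reason=expired",
    "2020-06-24 16:59:01 badge-ctl[ALLOW] user=asmith src=10.1.2.9 door=LIB-EAST",
    "2020-06-24 16:59:20 badge-ctl[DENY] user=jdoe src=10.1.2.3 door=LIB-EAST reason=expired",
    "2020-06-24 16:59:45 badge-ctl[DENY] user=jdoe src=10.1.2.3 door=LIB-WEST reason=expired",
    "2020-06-24 17:10:00 badge-ctl[DENY] user=bwong src=10.1.4.7 door=ADMIN-1 reason=no access",
    "2020-06-24 17:30:00 badge-ctl[ALLOW] user=jdoe src=10.1.2.3 door=LIB-EAST",
]
_COMMON = r"%{TIMESTAMP_ISO8601:ts} badge-ctl\[%{WORD:result}\] user=%{NOTSPACE:user} src=%{IPV4:src} door=%{NOTSPACE:door}"
STRICT_PATTERN = _COMMON + r" reason=%{GREEDYDATA:reason}"          # drops every ALLOW line
LENIENT_PATTERN = _COMMON + r"(?: reason=%{GREEDYDATA:reason})?"    # reason is optional

if __name__ == "__main__":
    _, bad = parse_lines(SAMPLE_LOG, STRICT_PATTERN)
    print(f"strict pattern: {len(bad)} _grokparsefailure line(s)")
    events, bad = parse_lines(SAMPLE_LOG, LENIENT_PATTERN)
    print(f"lenient pattern: {len(events)} events, {len(bad)} failures")
    hit = count_alert(events, lambda e: e["result"] == "DENY", 300, 3)
    print("alert: 3+ DENY within 5 minutes, window starting", hit)
    print(index_housekeeping(["logstash-2020.06.24", "logstash-2020.06.10",
                              "logstash-2020.05.20"], "2020-06-24", 7, 30))
```

The strict pattern silently loses a third of the sample (every ALLOW line), which is exactly the failure mode to test for before trusting any count-based alert built on the parsed fields. The housekeeping split mirrors the manual monthly close/delete pass described above and could be fed to the Elasticsearch close and delete index APIs.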


On Wed, Jun 24, 2020 at 2:15 PM Zepu Chen <zepu.chen () denison edu> wrote:

Good Afternoon All,

We are reviewing the Nagios Log Server to replace our current logging
management system. Does anyone use NagiosLS currently in your environment?
How do you like the product? Anything we should be aware of before fully
committing to the solution?
Also, any recommendations for a CLM application other than NagiosLS? We
would love to explore other options as well.
Thank you in advance for your time.

Thanks,


*Zepu Chen*
*Systems & Security Administrator*
Information Technology Services

Office: 740-587-5307
zepu.chen () denison edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire
community list. If you want to reply only to the person who sent the
message, copy and paste their email address and forward the email reply.
Additional participation and subscription information can be found at
https://www.educause.edu/community


