PaulDotCom mailing list archives
your log management tools of choice?
From: j2mccluggage at adelphia.net (Jody & Jennifer McCluggage)
Date: Tue, 9 Jun 2009 22:30:48 -0400
I have used Logcheck to automate log monitoring on Linux/Unix machines. It does not appear that it is currently under active management (has not been updated since 2004) but has worked well for what I have used it for. It sounds like I may have to give Splunk a look though. Jody _____ From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Chris Bentley Sent: Tuesday, June 09, 2009 6:57 AM To: keith at winnetworks.com; PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] your log management tools of choice? http://www.loganalysis.org/ The above site has some good information on the use of log analysis and some of the tools that can be used. Sorry if its already been posted. 2009/6/9 Keith Pawson <keith at winnetworks.com> One more thing you might want to look at that I have used for the past 8 months is phpLogCon, which is free/open source and supports Syslog, Win EventLog and SNMP trap data, see: http://www.phplogcon.org/ Although it does not seem to scale well with huge amounts of data (for me) it is doing the job with several Firewalls, Switches and Linux boxes sending all their Syslog info to it. I'm using it on a Debian LAMP server and I just archive the DB every quarter and start fresh. I guess you could use Splunk for heavy analysis and looking at the archive data and phpLogCon for every day checking. From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Andrew Anderson Sent: Saturday, 6 June 2009 05:17 To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] your log management tools of choice? Thank you all for your thoughts.... I am partial to open source for now. I need to be able to show some value before looking for a budget on this one (other than my time). It sounds like the consensus is pointing to Splunk as a good starting point. I do use Aanval on my IDS boxes and should probably look at it for this... I wanted to get some opinons first though. On Fri, Jun 5, 2009 at 12:27 PM, scott burkhart <burkhart.scott at gmail.com> wrote: A previous poster mentioned Cisco Mars, I utilize a Mars device and can highly recommend it. We process over 30 million events (firewall logs, windows event logs, linux logs, router logs) a day and it makes short work of analyzing data. Used Splunk (still actually use splunk installed locally as needed) for a while and it worked great as well. On Fri, Jun 5, 2009 at 1:06 PM, Michael Douglas <mick at pauldotcom.com> wrote: If you're not opposed to commercial products, I can highly recommend LogRhythm. It's quite powerful, yet easy to use. Note that with any log analyzer, the setup is a pain. - Mick On Fri, Jun 5, 2009 at 1:58 PM, John Lowry<johnlowry at gmail.com> wrote:
I really like using OSSEC on my syslog machine to scan for EOI for me an alert me when stuff happens. I then use Splunk for searching through those events. Paul Asadoorian wrote:Splunk was one of those tools that got popular after I left the university. I think we need to do a tech segment on it as its been highly recommended by many. Cheers, Paul Russell Butturini wrote:Commercial or open source? For commercial we like Cisco's CS-MARS, but that's a big investment. Free tools, Splunk is pretty darn good._______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com -- Andrew Anderson andrew at a2-technologies.com, andycapp92 at gmail.com 403.827.3802 403.249.4278 _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.339 / Virus Database: 270.12.60/2166 - Release Date: 06/09/09 18:08:00 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090609/f6592dba/attachment.htm
Current thread:
- your log management tools of choice?, (continued)
- your log management tools of choice? Russell Butturini (Jun 05)
- your log management tools of choice? Paul Asadoorian (Jun 05)
- your log management tools of choice? John Lowry (Jun 05)
- your log management tools of choice? Michael Douglas (Jun 05)
- your log management tools of choice? scott burkhart (Jun 05)
- your log management tools of choice? Andrew Anderson (Jun 05)
- your log management tools of choice? Keith Pawson (Jun 08)
- your log management tools of choice? Chris Bentley (Jun 09)
- your log management tools of choice? Jack Daniel (Jun 09)
- your log management tools of choice? William Hooper (Jun 09)
- your log management tools of choice? Jody & Jennifer McCluggage (Jun 09)
- your log management tools of choice? Paul Asadoorian (Jun 05)
- your log management tools of choice? Russell Butturini (Jun 05)
- your log management tools of choice? Ron Gula (Jun 10)
- your log management tools of choice? Tim Mugherini (Jun 05)
- your log management tools of choice? Nicholas B. (Jun 06)
- your log management tools of choice? Ron Gula (Jun 07)