PaulDotCom mailing list archives

your log management tools of choice?


From: j2mccluggage at adelphia.net (Jody & Jennifer McCluggage)
Date: Tue, 9 Jun 2009 22:30:48 -0400

I have used Logcheck to automate log monitoring on Linux/Unix machines.  It
does not appear that it is currently under active management (has not been
updated since 2004) but has worked well for what I have used it for.  It
sounds like I may have to give Splunk a look though.

 

Jody

 

  _____  

From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Chris Bentley
Sent: Tuesday, June 09, 2009 6:57 AM
To: keith at winnetworks.com; PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] your log management tools of choice?

 

http://www.loganalysis.org/
The above site has some good information on the use of log analysis and some
of the tools that can be used.

Sorry if it's already been posted.



2009/6/9 Keith Pawson <keith at winnetworks.com>

One more thing you might want to look at that I have used for the past 8
months is phpLogCon, which is free/open source and supports Syslog, Win
EventLog and SNMP trap data, see:

http://www.phplogcon.org/

 

Although it does not seem to scale well with huge amounts of data (for me)
it is doing the job with several Firewalls, Switches and Linux boxes sending
all their Syslog info to it. I'm using it on a Debian LAMP server and I just
archive the DB every quarter and start fresh.

 

I guess you could use Splunk for heavy analysis and looking at the archive
data and phpLogCon for every day checking.

 

From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Andrew Anderson
Sent: Saturday, 6 June 2009 05:17


To: PaulDotCom Security Weekly Mailing List

Subject: Re: [Pauldotcom] your log management tools of choice?

 

Thank you all for your thoughts....

I am partial to open source for now.  I need to be able to show some value
before looking for a budget on this one (other than my time).  It sounds
like the consensus is pointing to Splunk as a good starting point.  I do use
Aanval on my IDS boxes and should probably look at it for this...  I wanted
to get some opinions first though.

On Fri, Jun 5, 2009 at 12:27 PM, scott burkhart <burkhart.scott at gmail.com>
wrote:

A previous poster mentioned Cisco Mars, I utilize a Mars device and can
highly recommend it. We process over 30 million events (firewall logs,
windows event logs, linux logs, router logs) a day and it makes short work
of analyzing data. Used Splunk (still actually use splunk installed locally
as needed) for a while and it worked great as well.

 

On Fri, Jun 5, 2009 at 1:06 PM, Michael Douglas <mick at pauldotcom.com> wrote:

If you're not opposed to commercial products, I can highly recommend
LogRhythm.  It's quite powerful, yet easy to use.  Note that with any
log analyzer, the setup is a pain.

- Mick


On Fri, Jun 5, 2009 at 1:58 PM, John Lowry<johnlowry at gmail.com> wrote:
I really like using OSSEC on my syslog machine to scan for EOI for me and
alert me when stuff happens. I then use Splunk for searching through
those events.

Paul Asadoorian wrote:
Splunk was one of those tools that got popular after I left the
university.  I think we need to do a tech segment on it as it's been
highly recommended by many.

Cheers,
Paul

Russell Butturini wrote:
Commercial or open source? For commercial we like Cisco's CS-MARS, but
that's a big investment.  Free tools, Splunk is pretty darn good.
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

 






-- 
Andrew Anderson
andrew at a2-technologies.com, andycapp92 at gmail.com

403.827.3802
403.249.4278



 


