PaulDotCom mailing list archives
Re: Splunk with Tunnel
From: Steven McGrath <steve () chigeek com>
Date: Mon, 20 Jun 2011 11:15:32 -0500
Splunk has their deployment server which would allow you to manage all the deployed forwarders centrally. Might be worth a look over.

On Wed, May 18, 2011 at 4:44 PM, Michael Lubinski <michael.lubinski () gmail com> wrote:

> I'm just trying to find the best way to provide a Splunk style service, but it would be really nice to be able to manage all of them through a centralized console. We have looked at products like Kaseya or Manage Engine, but it's a hard sell to management for them to drop the investment with nobody buying it right away. Advice anyone? Yes, we're talking about security on a budget here, oohohh yeah..
>
> On Wed, May 18, 2011 at 12:57 PM, Bojan Zdrnja (SANS ISC) <bojan.isc () gmail com> wrote:
>
>> Michael,
>>
>> On Wed, May 18, 2011 at 4:09 PM, Michael Lubinski <michael.lubinski () gmail com> wrote:
>>
>>> Has anyone ever tried using Splunk like in a managed services environment. Meaning a bunch of your customers' Splunk servers send data back to a main Splunk server through a tunnel of some sorts. Replace Splunk == your product of choice
>>
>> <disclosure> My company is a Splunk partner. </disclosure>
>>
>> Well, if you have a Splunk forwarder running it can send logs directly over an SSL connection. However, that would require all hosts to be able to connect to your main indexer, which is probably something the customer(s) won't like.
>>
>> That being said - you have a zillion options with Splunk. You can run an indexer at each customer's site and then just search through logs from your central site. Or, you can have Splunk agents send logs to another forwarder which then sends logs to your site - that way, only 1 server needs to be able to connect to your site. Finally, you can tunnel this traffic through SSH or whatever you want ...
>>
>> Hope this helps, shoot if you have more questions.
>>
>> Cheers,
>> Bojan

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
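The relay layout described in the thread (agents send to one forwarder at the customer site, and only that forwarder connects out to the provider over SSL), sketched as Splunk configuration. This is an added example, not part of any poster's message: host names, ports, group names and certificate paths are placeholders, and the SSL setting names assumed here are those of recent Splunk releases, so check the inputs.conf and outputs.conf spec files for the version in use.

```ini
# --- Customer hosts (forwarders): outputs.conf ---
# Agents talk only to the on-site relay; they need no route to the provider.
[tcpout]
defaultGroup = site_relay

[tcpout:site_relay]
server = relay.customer.example:9997

# --- On-site relay (forwarder): inputs.conf ---
# Accept forwarder traffic from the customer LAN.
[splunktcp://:9997]
disabled = 0

# --- On-site relay: outputs.conf ---
# The single outbound flow from the customer network: SSL to the provider.
# CA trust is configured separately (server.conf [sslConfig] sslRootCAPath
# in recent releases).
[tcpout]
defaultGroup = provider_indexer

[tcpout:provider_indexer]
server = splunk.provider.example:9998
clientCert = $SPLUNK_HOME/etc/auth/relay-client.pem
sslPassword = <key-passphrase>
# Reject the connection unless the indexer presents the expected certificate.
sslVerifyServerCert = true
sslCommonNameToCheck = splunk.provider.example

# --- Provider indexer: inputs.conf ---
# SSL-only listener; each customer relay must present a client certificate.
[splunktcp-ssl:9998]
disabled = 0

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/indexer-server.pem
sslPassword = <key-passphrase>
requireClientCert = true
```

With this layout the customer firewall needs one egress rule (relay to provider, one port), and the provider can tell customers apart by the client certificate each relay presents.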