PaulDotCom mailing list archives

Re: Looking for some event and security log monitoring software


From: Guillaume Ross <guillaume () binaryfactory ca>
Date: Tue, 10 Jul 2012 22:28:13 -0400

Hi guys,

http://docs.splunk.com/Documentation/Splunk/latest/Admin/MoreaboutSplunkFree

Quote:

What does no authentication and access controls mean?

        • There is no login. The command line or browser can access and control all aspects of Splunk with no user/password prompt.

This can lead to issues such as this:

http://averagesecurityguy.info/2012/04/12/pwning-a-splunk-server/

So I would say the Free one is really for testing/playing, but not suitable at all for "real work". The good news is 
Splunk is relatively affordable compared to other "enterprise" solutions.

-GR
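An added audit check (not from the list or from Splunk) that verifies whether your own Splunk management port answers REST requests with no credentials, which is exactly the Splunk Free behaviour the quoted doc describes. It assumes the standard management port 8089, the `/services/server/info` endpoint, and that the JSON reply carries `version` and `isFree` fields; the `fetch` parameter exists so the logic can be exercised offline with a constructed response.

```python
"""Does this Splunk instance require a login on its management API?

A licensed instance with authentication answers 401 to an anonymous request;
Splunk Free answers 200 and hands back server details to anyone who can reach
the port. Run this against your own hosts as part of a deployment check.
"""
import json
import ssl
import urllib.error
import urllib.request


def probe(url: str, timeout: float = 5.0):
    """Fetch a URL with no credentials; returns (status_code, body_text).
    Splunk ships a self-signed certificate on 8089, so verification is
    disabled for this local audit only."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 401 and friends land here
        return err.code, err.read().decode("utf-8", "replace")


def assess(status: int, body: str) -> dict:
    """Classify an anonymous response from /services/server/info."""
    if status == 401:
        return {"unauthenticated_access": False, "reason": "401: login required"}
    if status == 200:
        details = {}
        try:  # field names assumed from Splunk's server/info output
            content = json.loads(body)["entry"][0]["content"]
            details = {"version": content.get("version"),
                       "isFree": content.get("isFree")}
        except (ValueError, KeyError, IndexError, TypeError):
            pass
        return {"unauthenticated_access": True,
                "reason": "200 with no login", **details}
    return {"unauthenticated_access": None,
            "reason": f"unexpected status {status}"}


def check_instance(host: str, port: int = 8089, fetch=probe) -> dict:
    """Audit one host; inject `fetch` to test without a network."""
    url = f"https://{host}:{port}/services/server/info?output_mode=json"
    status, body = fetch(url)
    return assess(status, body)
```

A result with `unauthenticated_access: True` means anyone on the network path can drive the instance, so it belongs on an isolated test box, not in production.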

On 2012-07-10, at 9:53 PM, Matthew Perry wrote:

I am going to jump on the bandwagon for splunk as well.  I have used the
universal forwarder on windows and linux and they are very lightweight.

- Matt

On Tue, Jul 10, 2012 at 9:38 PM, anthony kasza <anthony.kasza () gmail com> wrote:

The time between polling is configurable.
I too prefer agents as it takes the resource burden away from a single
machine and provides real time log collection. Installing agents isn't
always the best solution, however.
I've been told that Splunk agents (known as Universal Forwarders) have
a minimal resource footprint but I have never used one.

-AK

On Tue, Jul 10, 2012 at 8:04 PM, Champ Clark III <cclark () quadrantsec com>
wrote:

On 7/10/12 8:50 PM, anthony kasza wrote:
Conceptually similar to SNMP, but not the same. You configure
Splunk with a service account. Periodically, Splunk will login to
those designated systems and collect WMI information. The service
account needs the proper rights and privileges to read WMI on each
system.

Thank you.  I was using SNMP-trap in my example,  but that was
incorrect.  SNMP is a better analogy.

That's the way I was told WMI, which I've never used, worked.  How
often does polling typically take place?  I assume that's configurable?

I typically don't like systems that have to manually "poll" for logs.
Hence the reason I believe loading the agent is better.  However,
the downfall of that is... well... you have to load the agent...  Some
organizations/people don't like that idea either.


--
Champ Clark III (cclark () quadrantsec com)
Quadrant Information Security (http://quadrantsec.com)
Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
GPG Key ID: 0381878A


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




-- 
Matthew Perry