PaulDotCom mailing list archives
Re: Looking for some event and security log monitoring software
From: Mike Patterson <mike () snowcrash ca>
Date: Wed, 11 Jul 2012 09:06:17 -0400
On 12-07-10 8:50 PM, anthony kasza wrote:
Conceptually similar to SNMP, but not the same. You configure Splunk with a service account. Periodically, Splunk will log in to those designated systems and collect WMI information. The service account needs the proper rights and privileges to read WMI on each system.
Also, SNMP is fairly lightweight; WMI is not. Most vendors will tell you to use an agent, rather than WMI, as the latter puts more load on and is pull rather than push. And hey, if you don't already have WMI opened, you won't need to.

Another way you can do it is to use SCOM and have your log monitoring query that, rather than query the systems directly.

I'm not going to recommend any product, save to say "you should look at options other than Splunk." I've seen them and LogRhythm mentioned; other players in the medium to big boys market are ArcSight, NitroSecurity, and Q1 QRadar, and you'd be remiss to not look at them if you're looking at spending any amount of money on something.

Of course, if you've got more time than money, you could probably get by with OSSEC and WMI queries.

Mike

--
Every program has at least one bug and can be shortened by at least one instruction -- from which, by induction, one can deduce that every program can be reduced to one instruction which doesn't work.