Educause Security Discussion mailing list archives

Re: Log management
From: Alex Campoe <campoe () USF EDU>
Date: Wed, 31 Jan 2007 09:26:23 -0500

We are in the process of deploying Splunk within our environment. I
experimented with a handful of machines and was very impressed with the
search features, allowing us to correlate, for instance, brute force SSH
attempts from remote machines across the machines covered easily.

Definitely worth a look.


Jeff Giacobbe wrote:

I've heard good things about Splunk (splunk.org) though I haven't really
kicked the tires myself yet. Splunk can index and search all kinds of
system and network log data in near real-time and has some alerting
functions as well.

It's free for up to 500MB of log data per day. More than that requires a

Jeff Giacobbe
Director of Systems, Security, and Networking
Montclair State University

Charles L. Bombard wrote:
Hey everyone,

        What would you all recommend for central log management? We are
currently looking at GFI eventmanager. The ideal solution will combine
the monitoring of both windows and linux logs, and have the ability to
generate alerts based on our settings.

        Recommendations of things to look at as well as things to avoid
are appreciated.



Charles Bombard, GSEC
LAN/Systems Administrator
Community College of Vermont
119 Pearl Street
Burlington, VT 05401
bombardc () ccv edu

PRIVACY & CONFIDENTIALITY NOTICE: This message is for the designated
recipient only and may contain privileged, confidential, or otherwise
private information. If you have received it in error, please notify the
sender immediately and delete the original. Any other use of an email
received in error is prohibited.

--  Alex Campoe, CISSP            Information Security Manager       --
--                                Associate Director, Systems        --
--  Email: campoe () usf edu         Phone: (813) 974-1796              --
--  Academic Computing            University of South Florida        --
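The correlation Alex describes above (failed SSH logins from one remote address spread across several monitored machines) is the kind of query a central log store makes easy. The following is an added example, not code from the thread or from Splunk: it parses constructed OpenSSH syslog lines as a central collector would receive them and flags a source address that exceeds a failure threshold within a sliding time window while touching more than one host. Host names, IPs, usernames and thresholds are all made up for illustration.

```python
"""Correlate SSH brute-force attempts across hosts from centralised syslog.

Added example, not from the mailing-list thread. The log lines below are
constructed to resemble OpenSSH 'Failed password' messages in syslog format;
hosts, addresses and users are fictitious.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one morning of sshd messages from three hosts.
SAMPLE_LOGS = """\
Jan 31 09:01:02 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jan 31 09:01:05 web01 sshd[2203]: Failed password for root from 203.0.113.7 port 51030 ssh2
Jan 31 09:01:09 db01 sshd[918]: Failed password for invalid user oracle from 203.0.113.7 port 51041 ssh2
Jan 31 09:01:12 mail01 sshd[440]: Failed password for invalid user test from 203.0.113.7 port 51055 ssh2
Jan 31 09:01:20 db01 sshd[920]: Accepted publickey for alice from 198.51.100.5 port 40000 ssh2
Jan 31 09:02:01 web01 sshd[2210]: Failed password for bob from 198.51.100.5 port 40010 ssh2
Jan 31 09:02:30 mail01 sshd[445]: Failed password for invalid user admin from 203.0.113.7 port 51100 ssh2
Jan 31 09:45:00 web01 sshd[2300]: Failed password for root from 192.0.2.9 port 33000 ssh2
"""

# syslog prefix: "Mon DD HH:MM:SS host sshd[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$"
)
# OpenSSH failure message; "invalid user" appears when the account does not exist
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_failed_logins(text, year=2007):
    """Return a list of (timestamp, host, user, src_ip) for each failed login.

    Classic syslog timestamps carry no year, so one is supplied by the caller.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        f = FAILED_RE.search(m.group("msg"))
        if not f:
            continue  # accepted logins and other sshd messages are not failures
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group("host"), f.group("user"), f.group("src")))
    return events


def find_brute_force(events, threshold=4, window=timedelta(minutes=5), min_hosts=2):
    """Flag source addresses with >= threshold failures inside one sliding
    window that also hit >= min_hosts distinct hosts.

    Returns {src_ip: {"attempts": n, "hosts": set, "users": set}} where the
    recorded burst is the largest window observed for that source.
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[3]].append(ev)
    hits = {}
    for src, evs in by_src.items():
        evs.sort()  # tuples sort on timestamp first
        start = 0
        for end in range(len(evs)):
            # advance the window start until the burst fits inside `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            burst = evs[start:end + 1]
            hosts = {e[1] for e in burst}
            if len(burst) >= threshold and len(hosts) >= min_hosts:
                hits[src] = {
                    "attempts": len(burst),
                    "hosts": hosts,
                    "users": {e[2] for e in burst},
                }
    return hits


if __name__ == "__main__":
    for src, info in find_brute_force(parse_failed_logins(SAMPLE_LOGS)).items():
        print(f"{src}: {info['attempts']} failures across {sorted(info['hosts'])} "
              f"targeting {sorted(info['users'])}")
```

The per-host view would show web01 with only three failures from 203.0.113.7, below a typical single-host threshold; only after the events from all three hosts are in one place does the same source stand out. The `min_hosts` condition is what separates this from a plain failed-login count, and the single failure from 198.51.100.5 (followed by a successful key login) is deliberately left unflagged.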

