Educause Security Discussion
mailing list archives
Re: Log management
From: Chris Green <cmgreen () UAB EDU>
Date: Wed, 31 Jan 2007 09:37:46 -0600
Can Splunk deliver automated reports? Last I played with it, it seemed
like something that might be good for people to go troubleshoot an issue
but not something that could easily automate reporting on specific
I had the same problem after viewing an ArcSight demo for their Logger
device. Seems great for centralizing, bad for automated reporting. I'm
explicitly not looking for something that does real-time alerting à la
OSSEC for many of these things.

From: Alex Campoe [mailto:campoe () USF EDU]
Sent: Wednesday, January 31, 2007 8:26 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Log management

We are in the process of deploying Splunk within our environment. I
experimented with a handful of machines and was very impressed with the
search features, allowing us to correlate, for instance, brute force
SSH attempts from remote machines across the machines covered easily.
Definitely worth a look.