Educause Security Discussion mailing list archives

Re: Log management
From: Chris Green <cmgreen () UAB EDU>
Date: Wed, 31 Jan 2007 09:37:46 -0600

Can Splunk deliver automated reports?  Last I played with it, it seemed
like something that might be good for people to go troubleshoot an issue
but not something that could easily automate reporting on specific

I had the same problem after viewing an ArcSight demo for their Logger
device.  Seems great for centralizing, bad for automated reporting.  I'm
explicitly not looking for something that does real-time alerting à la
OSSEC for many of these things.

-----Original Message-----
From: Alex Campoe [mailto:campoe () USF EDU]
Sent: Wednesday, January 31, 2007 8:26 AM
Subject: Re: [SECURITY] Log management

We are in the process of deploying Splunk within our environment. I
experimented with a handful of machines and was very impressed with
search features, allowing us to correlate, for instance, brute force
SSH attempts from remote machines across the machines covered easily.

Definitely worth a look.
