Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Log management
From: Chris Green <cmgreen () UAB EDU>
Date: Wed, 31 Jan 2007 09:37:46 -0600

Can splunk deliver automated reports?  Last I played with it, it seemed
like something that might be good for people to go troubleshoot an issue
but not something that could easily automate reporting on specific
activities.

I had the same problem after viewing an ArcSight demo for their Logger
device.  Seems great for centralizing, bad for automated reporting.  I'm
explicitly not looking for something that does real-time alerting ala
OSSEC for many of these things.

-----Original Message-----
From: Alex Campoe [mailto:campoe () USF EDU]
Sent: Wednesday, January 31, 2007 8:26 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Log management

We are in the process of deploying Splunk within our environment. I
experimented with a handful of machines and was very impressed with
the
search features, allowing us to correlate, for instance, brute force
SSH attempts from remote machines across the machines covered easily.

Definitely worth a look.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]