
Educause Security Discussion mailing list archives

Re: Log management
From: Nick Lewis <lewisnic () ACM ORG>
Date: Wed, 31 Jan 2007 18:12:58 -0500

To get around the access control issues, we set up multiple instances of
Splunk on the same server running on different ports.

Nick

----- Original Message -----
From: "Isaac Straley" <straley () UCI EDU>
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Wednesday, January 31, 2007 10:47 AM
Subject: Re: [SECURITY] Log management


I, from a personal viewpoint, really like Splunk.  It's got great
indexing, a variety of input methods, and easy to use search and
correlation capabilities.  My only real beef with it currently is the
access control system.  It's very basic with three roles which mainly
revolve around the ability to add inputs and alerts.  This is not bad in a
very small or controlled environment, but depending on your definition of
"centralized" this can create problems if you want to limit access to view
(or even list) some or all of the logs.

My understanding from talking to their reps is a better access control
system is in development, but it's some time away.  There was supposed to
be a release which made some progress in this area but unless I have
missed something, they have not done it yet.

If this is not a problem for your environment, Splunk is well worth
looking at.

Isaac

--

Isaac Straley
Manager, IT Security
Network & Academic Computing Services
University of California, Irvine
straley () uci edu
(949) 824-1471

Jeff Giacobbe wrote:
Charles-

I've heard good things about Splunk (splunk.org) though I haven't really
kicked the tires myself yet. Splunk can index and search all kinds of
system and network log data in near real-time and has some alerting
functions as well.

It's free for up to 500MB of log data per day. More than that requires a
license.

--
Jeff Giacobbe
Director of Systems, Security, and Networking
Montclair State University

