PaulDotCom mailing list archives

your log management tools of choice?
From: paul at pauldotcom.com (Paul Asadoorian)
Date: Fri, 05 Jun 2009 13:43:01 -0400

Great question Andrew!

I guess let me start with some background.  When I used to work for "the
university" we did a lot with syslog.  I used to syslog everything,
firewalls (including packet logs!), systems, IDS, routers, and switches.
 I never had much budget to throw at some high end systems to analyze
the logs (nor did I particularly care for what was on the market at the
time, which was a few years ago now).

So, I syslog'd everything to a Linux server and used command line tools
(sed/awk/grep primarily) to find EOI (events of interest).  It worked
quite well (in fact, with cron I was able to pull more/better
information out of my logs than most with commercial tools *at the time*).

So, that's where my crappy command line kung fu came from ;)  In fact
many of the commands I ran can be found on www.commandlinekungfu.com,
except now Hal has corrected me and made the techniques simpler and
faster.  I also recommend the O'Reilly books "Sed and Awk" and the "Bash

<shameless-biased-plug>Tenable now makes products that do this, and I
have to say as I work with them now I find myself saying, "Wow, I wish I
had this when I used to work for 'the university'"



Andrew Anderson wrote:
Just trying to wade though the choices...

Looking for recommendations for syslog parsing and management tools. 
(post gathering).


Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com

Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552
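As an added illustration of the sed/awk/grep approach Paul describes (this is not code from the original post or from PaulDotCom), here is a small POSIX sh script that pulls two "events of interest" out of centrally collected syslog: repeated SSH password failures per source address, and firewall packet-log hits per destination port. The log lines are constructed samples; the OpenSSH and iptables-style message formats are assumed, and a cron job would feed the real syslog file in on stdin instead.

```shell
# Constructed sample syslog lines (not taken from any real system).
SAMPLE_LOG='Jun  5 13:01:02 gw sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jun  5 13:01:05 gw sshd[2101]: Failed password for root from 203.0.113.7 port 51023 ssh2
Jun  5 13:02:11 gw sshd[2130]: Accepted publickey for paul from 192.0.2.10 port 40110 ssh2
Jun  5 13:03:40 gw sshd[2144]: Failed password for invalid user admin from 198.51.100.9 port 33001 ssh2
Jun  5 13:04:00 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP DPT=23
Jun  5 13:04:02 gw sshd[2150]: Failed password for root from 203.0.113.7 port 51030 ssh2
Jun  5 13:05:17 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP DPT=445
Jun  5 13:05:19 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.2 PROTO=TCP DPT=23'

# failed_logins_by_source: read syslog on stdin, print "count ip" for SSH
# password failures, most frequent source first (assumes OpenSSH format).
failed_logins_by_source() {
  grep 'sshd\[[0-9]*\]: Failed password' \
    | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
    | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# noisy_sources: sources at or above a failure threshold; this is the list a
# nightly cron job would mail out as the day's events of interest.
noisy_sources() {
  threshold="$1"
  failed_logins_by_source | awk -v t="$threshold" '$1 >= t {print $2}'
}

# fw_hits_by_dport: count iptables-style kernel packet-log lines per
# destination port, busiest port first (assumes "DPT=<port>" in the line).
fw_hits_by_dport() {
  grep ' kernel: .*DPT=' \
    | sed -n 's/.*DPT=\([0-9]*\).*/\1/p' \
    | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Stand-alone run on the constructed sample; in production replace the
# printf with e.g. "cat /var/log/messages" from a cron entry.
printf '%s\n' "$SAMPLE_LOG" | noisy_sources 2
printf '%s\n' "$SAMPLE_LOG" | fw_hits_by_dport
```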
