PaulDotCom mailing list archives

your log management tools of choice?
From: andycapp92 at gmail.com (Andrew Anderson)
Date: Fri, 5 Jun 2009 13:16:57 -0600

Thank you all for your thoughts....

I am partial to open source for now.  I need to be able to show some value
before looking for a budget on this one (other than my time).  It sounds
like the consensus is pointing to Splunk as a good starting point.  I do use
Aanval on my IDS boxes and should probably look at it for this...  I wanted
to get some opinions first though.

On Fri, Jun 5, 2009 at 12:27 PM, scott burkhart <burkhart.scott at gmail.com> wrote:

A previous poster mentioned Cisco Mars, I utilize a Mars device and can
highly recommend it. We process over 30 million events (firewall logs,
windows event logs, linux logs, router logs) a day and it makes short work
of analyzing data. Used Splunk (still actually use splunk installed locally
as needed) for a while and it worked great as well.


On Fri, Jun 5, 2009 at 1:06 PM, Michael Douglas <mick at pauldotcom.com> wrote:

If you're not opposed to commercial products, I can highly recommend
LogRhythm.  It's quite powerful, yet easy to use.  Note that with any
log analyzer, the setup is a pain.

- Mick

On Fri, Jun 5, 2009 at 1:58 PM, John Lowry <johnlowry at gmail.com> wrote:
I really like using OSSEC on my syslog machine to scan for EOI for me and
alert me when stuff happens. I then use Splunk for searching through
those events.

Paul Asadoorian wrote:
Splunk was one of those tools that got popular after I left the
university.  I think we need to do a tech segment on it as its been
highly recommended by many.

Cheers,
Paul

Russell Butturini wrote:
Commercial or open source? For commercial we like Cisco's CS-MARS, but
that's a big investment.  Free tools, Splunk is pretty darn good.
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




-- 
Andrew Anderson
andrew at a2-technologies.com, andycapp92 at gmail.com

403.827.3802
403.249.4278
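The pipeline John describes above (a rule engine on the syslog box that scans for events of interest and alerts, with a search tool kept for everything else) in miniature. This is an added example, not code from the thread and not OSSEC's own code or rules: a small Python scanner modelled on OSSEC's frequency/timeframe rule options, run over constructed syslog lines. The rule IDs, hostnames, addresses, thresholds and the year are assumptions.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime
from typing import Deque, Dict, List, Optional, Tuple

# Constructed sample syslog lines (not from the thread); the year is assumed.
SAMPLE_LOG = """\
Jun  5 13:10:01 gw sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jun  5 13:10:03 gw sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Jun  5 13:10:04 gw sshd[2215]: Failed password for root from 203.0.113.7 port 51024 ssh2
Jun  5 13:10:06 gw sshd[2218]: Failed password for root from 203.0.113.7 port 51025 ssh2
Jun  5 13:10:07 gw sshd[2220]: Accepted password for root from 203.0.113.7 port 51026 ssh2
Jun  5 13:12:30 web sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Jun  5 13:15:00 web cron[411]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Classic BSD syslog line: timestamp, host, program[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?:\s*(?P<msg>.*)$"
)


@dataclass
class Rule:
    rule_id: int                    # hypothetical IDs, not OSSEC's
    description: str
    level: int                      # OSSEC-style severity 0-15
    program: Optional[str]          # restrict to this syslog program, or None
    pattern: "re.Pattern"
    frequency: int = 1              # fire only after this many matches...
    timeframe: int = 0              # ...within this many seconds...
    group_by: Optional[str] = None  # ...sharing the value of this capture group


@dataclass
class Alert:
    rule_id: int
    level: int
    description: str
    host: str
    key: Optional[str]
    timestamp: datetime


RULES: List[Rule] = [
    Rule(100, "SSH brute force: repeated failed passwords from one source", 10, "sshd",
         re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"),
         frequency=4, timeframe=60, group_by="src"),
    Rule(101, "Interactive root login over SSH", 9, "sshd",
         re.compile(r"Accepted (?:password|publickey) for root from (?P<src>\S+)"),
         group_by="src"),
    Rule(102, "sudo to root", 3, "sudo",
         re.compile(r"USER=root ; COMMAND=(?P<cmd>.+)$"),
         group_by="cmd"),
]


def parse_syslog(line: str, year: int = 2009) -> Optional[dict]:
    """Split one syslog line into its fields; returns None for lines that don't parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{m['month']} {m['day']} {m['time']} {year}", "%b %d %H:%M:%S %Y")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def scan(lines, rules: List[Rule], min_level: int = 5, year: int = 2009) -> List[Alert]:
    """Apply every rule to every line; return alerts at or above min_level."""
    alerts: List[Alert] = []
    # Sliding windows of match times, keyed by (rule, grouping value).
    windows: Dict[Tuple[int, Optional[str]], Deque[datetime]] = defaultdict(deque)
    for raw in lines:
        ev = parse_syslog(raw, year)
        if ev is None:
            continue
        for rule in rules:
            if rule.program and ev["prog"] != rule.program:
                continue
            m = rule.pattern.search(ev["msg"])
            if not m:
                continue
            key = m.group(rule.group_by) if rule.group_by else None
            if rule.frequency > 1:
                window = windows[(rule.rule_id, key)]
                window.append(ev["ts"])
                # Drop matches older than the timeframe, then check the count.
                while (ev["ts"] - window[0]).total_seconds() > rule.timeframe:
                    window.popleft()
                if len(window) < rule.frequency:
                    continue
                window.clear()  # one alert per burst, not one per extra failure
            if rule.level >= min_level:
                alerts.append(Alert(rule.rule_id, rule.level, rule.description,
                                    ev["host"], key, ev["ts"]))
    return alerts


def scan_sample(min_level: int = 5) -> List[Alert]:
    return scan(SAMPLE_LOG.splitlines(), RULES, min_level=min_level)


if __name__ == "__main__":
    for a in scan_sample():
        print(f"{a.timestamp:%H:%M:%S} {a.host} level={a.level} rule={a.rule_id} "
              f"key={a.key}: {a.description}")
```

With the default threshold of 5 the sample yields two alerts: the brute-force rule fires once on the fourth failure inside the 60-second window (not four times), and the root login fires immediately. The sudo line matches at level 3, so it is recorded but stays below the alert threshold; lowering min_level surfaces it. That split between what is matched and what is worth an alert is the part of any of these tools that takes the setup effort Mick mentions, and the window-and-reset logic is what keeps a single brute-force run from turning into hundreds of alerts.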