Re: Parsing Syslog and Acting on it, using other input too

[Sam Moats <sam () circlenet us>]

My view on splunk,
+1 if you intend to have a human act on the reports, it does an 
excellent job of reducing huge amounts of audit data into the valuable 
bits.
-1 Seemed to be a pita to integrate with my scripting enviroment. I 
ended up kludging wget,awk and telnet together in a totally undignified 
way to make it reach out and act on something.

+2 Customizable ingestion/parsing, I'm feeding everything from linux 
audit data to weird proprietary serial output from a multiplexer into 
it.
-1 Proprietary database I would have liked to see an sql plugin for 
data storage, I would like the data in Mysql/Oracle but no-joy from 
splunk so that I can use other tools on it easily.

+1 Free demo. You can download an eval version that is rate limited and 
cripples itself after a fixed time.
-1 because The license costs are a bit high if your moving lots of data 
through it


Sam Moats
On 2013-08-29 09:10, Jason Biel wrote:
> You should look into SPLUNK (http://www.splunk.com/), it will 
> collect/store
> your syslog data and you can run customized reports and then act on 
> them.
>
>
> On Thu, Aug 29, 2013 at 8:03 AM, Kasper Adel <karim.adel () gmail com> 
> wrote:
>
> > Hello.
> >
> > I am looking for a way to do proactive monitoring of my network, 
> > what I am
> > specifically thinking about is receiving syslog msgs from the 
> > routers and
> > the backend engine would correlate certain msgs with output/data 
> > that i am
> > receiving through SSH/telnet sessions. What i am after is not 
> > exposed to
> > SNMP so i need to do it on my own.
> >
> >
> > I am sure there are many tools that can do parsing of syslog and 
> > acting
> > upon it but i wonder if there is something more flexible out there 
> > that I
> > can just re-use to do the above ? Please point me to known public or
> > home-grown scripts in use to achieve this.
> >
> > Regards,
> >
> > Sam