ELK Splunk We use a proprietary vendor product that migrates data into an HDFS store via RabbitMQ based collectors and dumps them in raw form. From there I have access to all the usual "big data" tools albeit I'm not using Flume just yet, we're still trying to get a handle on operationalizing all the various big data component so that data science developers can focus on development instead of operations and support of the hardware/software ecosystem.
Kevin D Dienst From: Joe Wulf <joe_w...@yahoo.com> To: "linux-audit@redhat.com" <linux-audit@redhat.com> Date: 12/14/2015 10:51 AM Subject: Re: New draft standards Sent by: linux-audit-boun...@redhat.com Steve, The last place I was at heavily used Splunk and then transitioned to dual-routing a substantial portion of the logs from across the infrastructure to ELK, as well. -Joe From: Steve Grubb <sgr...@redhat.com> To: F Rafi <farhani...@gmail.com>; "linux-audit@redhat.com" <linux-audit@redhat.com> Sent: Monday, December 14, 2015 10:34 AM Subject: Re: New draft standards But I guess this gives me an opportunity to ask the community what tools they are using for audit log collection and viewing? Its been a couple years since e had this discussion on the mail list and I think some things have changed. Do people use ELK? Apache Flume? Something else? It might be possible to write a plugin to translate the audit logs into the native format of these tools. -Steve -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
-- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit