Friends who are using splunk strictly as a logger liked it.  We had
hell of a lot of pain implementing 4.0.  They don't understand the
concept of dropping privs, so it has to run as root.  My company does
not allow the non-os team to have root.  So endless fucking around
with permissions and "hey unix team, can you please do this so that we
can continue troubleshooting".

And to top that, 4.0 through about 4.09 were feature *and* bug rich.

They have agents which have to be installed and upgraded manually each
time.  Few hundred servers and that starts to get a bit old.

And sux on aix (ok, that's our fault - the asshole who bought it
bought a p520 instead of a x86 box.  Before a solution/product was
even finalized).

And some kind of buffer overflow issue which I think is fixed now.

So, if you're looking for something to sit on 512 and other assorted
ports to receive logs, and index them, and give you a pretty interface
to do searches on non-normalized data on linux, splunk's pretty nice.

If you need to use some of their "additional" features (agents, etc)
test it out first before doing it.  Fortunately, you can get an annual
500meg/day license for free by just asking.


On 8/14/10, Toni Mueller <openbsd-m...@oeko.net> wrote:
> On Fri, 13.08.2010 at 14:36:21 +0100, Kevin Chadwick <ma1l1i...@yahoo.co.uk>
> wrote:
>> What do people think of monit.
>
> Ok, I'll chime in: What do people think of Zenoss and splunk?
>
> I'm so far leaning twoards trying Zenoss, but it surely has a high
> barrier-of-entry, and I'm only interested in splunk for comparison.
>
>
> Kind regards,
> --Toni++
>
>

-- 
Sent from my mobile device

http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4

Reply via email to