Thank you all for your thoughts.... I am partial to open source for now. I need to be able to show some value before looking for a budget on this one (other than my time). It sounds like the consensus is pointing to Splunk as a good starting point. I do use Aanval on my IDS boxes and should probably look at it for this... I wanted to get some opinions first though.
On Fri, Jun 5, 2009 at 12:27 PM, scott burkhart <[email protected]> wrote:
> A previous poster mentioned Cisco Mars, I utilize a Mars device and can
> highly recommend it. We process over 30 million events (firewall logs,
> windows event logs, linux logs, router logs) a day and it makes short work
> of analyzing data. Used Splunk (still actually use splunk installed locally
> as needed) for a while and it worked great as well.
>
>
> On Fri, Jun 5, 2009 at 1:06 PM, Michael Douglas <[email protected]> wrote:
>
>> If you're not opposed to commercial products, I can highly recommend
>> LogRhythm. It's quite powerful, yet easy to use. Note that with any
>> log analyzer, the setup is a pain.
>>
>> - Mick
>>
>> On Fri, Jun 5, 2009 at 1:58 PM, John Lowry <[email protected]> wrote:
>> > I really like using OSSEC on my syslog machine to scan for EOI for me and
>> > alert me when stuff happens. I then use Splunk for searching through
>> > those events.
>> >
>> > Paul Asadoorian wrote:
>> >> Splunk was one of those tools that got popular after I left the
>> >> university. I think we need to do a tech segment on it as it's been
>> >> highly recommended by many.
>> >>
>> >> Cheers,
>> >> Paul
>> >>
>> >> Russell Butturini wrote:
>> >>> Commercial or open source? For commercial we like Cisco's CS-MARS, but
>> >>> that's a big investment. Free tools, Splunk is pretty darn good.
>> > _______________________________________________
>> > Pauldotcom mailing list
>> > [email protected]
>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> > Main Web Site: http://pauldotcom.com
>

--
Andrew Anderson
[email protected], [email protected]
403.827.3802
403.249.4278
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
