http://www.loganalysis.org/

The above site has some good information on the use of log analysis and some of the tools that can be used.

Sorry if it's already been posted.

2009/6/9 Keith Pawson <[email protected]>

> One more thing you might want to look at that I have used for the past 8
> months is phpLogCon, which is free/open source and supports Syslog, Win
> EventLog and SNMP trap data, see:
>
> http://www.phplogcon.org/
>
> Although it does not seem to scale well with huge amounts of data (for me)
> it is doing the job with several Firewalls, Switches and Linux boxes sending
> all their Syslog info to it. I’m using it on a Debian LAMP server and I just
> archive the DB every quarter and start fresh.
>
> I guess you could use Splunk for heavy analysis and looking at the archive
> data and phpLogCon for everyday checking.
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Andrew Anderson
> *Sent:* Saturday, 6 June 2009 05:17
> *To:* PaulDotCom Security Weekly Mailing List
> *Subject:* Re: [Pauldotcom] your log management tools of choice?
>
> Thank you all for your thoughts....
>
> I am partial to open source for now. I need to be able to show some value
> before looking for a budget on this one (other than my time). It sounds
> like the consensus is pointing to Splunk as a good starting point. I do use
> Aanval on my IDS boxes and should probably look at it for this... I wanted
> to get some opinions first though.
>
> On Fri, Jun 5, 2009 at 12:27 PM, scott burkhart <[email protected]> wrote:
>
> A previous poster mentioned Cisco Mars, I utilize a Mars device and can
> highly recommend it. We process over 30 million events (firewall logs,
> windows event logs, linux logs, router logs) a day and it makes short work
> of analyzing data. Used Splunk (still actually use splunk installed locally
> as needed) for a while and it worked great as well.
>
> On Fri, Jun 5, 2009 at 1:06 PM, Michael Douglas <[email protected]> wrote:
>
> If you're not opposed to commercial products, I can highly recommend
> LogRhythm. It's quite powerful, yet easy to use. Note that with any
> log analyzer, the setup is a pain.
>
> - Mick
>
> On Fri, Jun 5, 2009 at 1:58 PM, John Lowry <[email protected]> wrote:
>
> > I really like using OSSEC on my syslog machine to scan for EOI for me and
> > alert me when stuff happens. I then use Splunk for searching through
> > those events.
> >
> > Paul Asadoorian wrote:
> >
> >> Splunk was one of those tools that got popular after I left the
> >> university. I think we need to do a tech segment on it as it's been
> >> highly recommended by many.
> >>
> >> Cheers,
> >> Paul
> >>
> >> Russell Butturini wrote:
> >>
> >>> Commercial or open source? For commercial we like Cisco’s CS-MARS, but
> >>> that’s a big investment. Free tools, Splunk is pretty darn good.
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > [email protected]
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
> --
> Andrew Anderson
> [email protected], [email protected]
> 403.827.3802
> 403.249.4278
