Re: AW: [swinog] Log centralisation / mining

2008-01-21 Thread Raffael Marty

Too bad that Splunk does not run on Windows :(



Not yet! There is a preview version out that runs on Windows, but it's  
still a bit unstable. By the end of the month, we should have  
something that is releasable! Hang tight or try the preview!


Cheers

  -raffy


We are a Windows Company and if I tell them that we want to run a
Linux Server, our Management would kill me ;)


Is there anything out in the Net for Log management which is Windows
Based?


Regards
Capo

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Raffael Marty

Sent: Monday, 21 January 2008 09:07
To: [EMAIL PROTECTED]
Subject: Re: [swinog] Log centralisation / mining

Splunk. Definitely Splunk ;)

If you have any questions or you want to talk more about your use-
cases, I am happy to have a chat with you.

On a serious note, I think you should try it. And it is free up to
500MB/day! That's quite a bit. After that it's fairly reasonably
priced! One other thing that you might want to take into consideration
is that other log management solutions don't cope with configuration
files or multi-line information very well, if at all. I could list you
a few very interesting use-cases around that: configuration management
comes to mind. Also have a look at my blog where I talk a bit about
the difference between IT Search (splunk) and the log management
tools: blogs.splunk.com/raffy.

Just say if you have any questions!

  Raffy

--
  Raffael Marty
  Chief Security Strategist   @ Splunk>
  Security Visualization: http://secviz.org   raffy.ch/blog


On Jan 20, 2008, at 11:52 PM, Olivier Beytrison wrote:


Hello,

Maybe have a look at splunk. It's not free, but it seems to do what
you're looking for.

I'd like to ask at the same time if anyone here is using it. Because
I'm thinking about installing it on our network. So some feedback
would be great.

www.splunk.com


Regards,
Olivier B.

Marcel Prisi wrote:

Hi all,
I am looking for a good log centralisation / alerting / mining
solution.
I know about syslog-ng / rsyslog+phpLogCon, I'd like something more
complete ...
Something with a bit of realtime analysis (regexp ?) and
correlation ...
and a nice interface where you could get some useful details  
fast ...

What solution do swinoggers use ??
Thanks !
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

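Marcel's original question asks for a solution with "a bit of realtime analysis (regexp ?) and correlation", and Raffy points out that many log management tools cope badly with multi-line information. The script below is an added illustration of what those two requirements mean in practice; it is not code from the thread, from Splunk, or from any product named here. It reads constructed syslog-style lines (the hosts, IP addresses and messages are made up for the example), joins indented continuation lines into the preceding event, extracts fields with regular expressions, and raises one alert when a single source address produces three failed SSH logins within a sixty-second window. The threshold and window values are arbitrary choices for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample syslog lines for this example (not from the thread).
# The indented "score 912 ..." line is a continuation of the kernel event,
# the multi-line case that flat line-by-line tools tend to mishandle.
SAMPLE_LOG = """\
Jan 21 09:07:01 fw1 sshd[2231]: Failed password for root from 203.0.113.5 port 51022 ssh2
Jan 21 09:07:03 fw1 sshd[2231]: Failed password for root from 203.0.113.5 port 51023 ssh2
Jan 21 09:07:04 fw1 sshd[2231]: Failed password for admin from 203.0.113.5 port 51024 ssh2
Jan 21 09:07:05 web1 kernel: Out of memory: kill process 4177 (httpd)
    score 912 or a child
Jan 21 09:08:30 fw1 sshd[2240]: Accepted publickey for deploy from 198.51.100.7 port 40010 ssh2
Jan 21 09:12:00 fw1 sshd[2250]: Failed password for root from 203.0.113.5 port 51100 ssh2
"""

# Classic BSD syslog header: "Mon DD HH:MM:SS host prog[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<month>\w{3}) (?P<day> ?\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# The one message shape this example correlates on (OpenSSH failed password).
FAILED_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>[\d.]+)")


def read_events(text):
    """Return one dict per event; indented lines are appended to the previous event."""
    events = []
    for line in text.splitlines():
        if line.startswith((" ", "\t")) and events:
            events[-1]["msg"] += " " + line.strip()
            continue
        m = SYSLOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def parse_ts(ev, year=2008):
    """BSD syslog carries no year; the caller supplies it (assumed 2008 here)."""
    stamp = f"{ev['month']} {ev['day'].strip()} {ev['time']} {year}"
    return datetime.strptime(stamp, "%b %d %H:%M:%S %Y")


def correlate_failed_logins(events, threshold=3, window_s=60):
    """Alert when one source IP accumulates `threshold` failures within `window_s` seconds.

    A per-source deque of timestamps is trimmed to the sliding window on every
    new failure, so memory stays bounded to the window regardless of log volume.
    """
    recent = defaultdict(deque)
    alerts = []
    for ev in events:
        m = FAILED_RE.search(ev["msg"])
        if not m:
            continue
        ts = parse_ts(ev)
        q = recent[m["src"]]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) == threshold:
            alerts.append({"src": m["src"], "host": ev["host"],
                           "count": len(q), "at": ts})
    return alerts


if __name__ == "__main__":
    for a in correlate_failed_logins(read_events(SAMPLE_LOG)):
        print(f"{a['at']} {a['host']}: {a['count']} failed logins from {a['src']}")
```

Run as is, the script prints a single alert for 203.0.113.5 at 09:07:04; the failure at 09:12:00 is outside the window and does not fire. Feeding it a live stream (for example the output of a central syslog receiver piped line by line) instead of the embedded string is the only change needed to make the check real-time.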


Re: AW: [swinog] Log centralisation / mining

2008-01-21 Thread Rainer Duffner
Michele Capobianco wrote:
> Too bad that Splunk does not run on Windows :(
>
> We are a Windows Company and if I tell them that we want to run a Linux 
> Server, our Management would kill me ;)
>   


Then, don't expect a free (OSS) solution ;-)
I'd look into some of the UTM (Unified Threat Management) or
(specialized) IDS solutions.
I haven't tried it, but if I'd have a budget, I'd take a look at
Tenable's log-correlation products:
http://www.tenablesecurity.com/
They actually don't run on Windows, either, but they can analyze
Windows logs.

See these links:
http://www.networkintrusion.co.uk/consoles.htm

BTW: I'd be interested to hear from people running one of those.


> Is there anything out in the Net for Log management which is Windows Based?
>   

I guess there is a system-management solution from MSFT, too.
Call your MSFT-sales rep ;-)



cheers,
Rainer