In such products, only 20% of the value is in the engine; 80% is in the rules, because I
cannot write the rules myself - I do not have the event until it happens, and I cannot
filter out the noise until it happens.
We use a few syslog analyzers (using syslog-ng as a transport), some with
simple logcheck, others with a database
On Tue, 7 Dec 2004, Alexei Roudnev wrote:
In such products, only 20% of the value is in the engine; 80% is in the rules, because I
cannot write the rules myself - I do not have the event until it happens, and I cannot
filter out the noise until it happens.
We use a few syslog analyzers (using syslog-ng as a transport), some
==
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Alexei Roudnev
Sent: Wednesday, December 08, 2004 12:52 AM
To: Bill Nash; [EMAIL PROTECTED]
Subject: Re: Enterprise syslog management and alert generation.
In such products, only 20% of the value is in the engine; 80