Splunk. Definitely Splunk ;)

If you have any questions or you want to talk more about your use-cases, I am happy to have a chat with you.

On a serious note, I think you should try it. And it is free up to 500MB/day! That's quite a bit. After that it's fairly reasonably priced! One other thing that you might want to take into consideration is that other log management solutions don't cope with configuration files or multi-line information very well, if at all. I could list you a few very interesting use-cases around that: configuration management comes to mind. Also have a look at my blog where I talk a bit about the difference between IT Search (splunk) and the log management tools: blogs.splunk.com/raffy.

Let me know if you have any questions!

  Raffy

--
  Raffael Marty
  Chief Security Strategist                           @ Splunk>
  Security Visualization: http://secviz.org       raffy.ch/blog


On Jan 20, 2008, at 11:52 PM, Olivier Beytrison wrote:

Hello,

Maybe have a look at splunk. It's not free, but it seems to do what you're looking for.

I'd like to ask at the same time if anyone here is using it, because I am thinking about installing it on our network. So some feedback would be great.

www.splunk.com


Regards,
Olivier B.

Marcel Prisi wrote:
Hi all,
I am looking for a good log centralisation / alerting / mining solution.
I know about syslog-ng / rsyslog+phpLogCon, I'd like something more
complete ...
Something with a bit of realtime analysis (regexp ?) and correlation ...
and a nice interface where you could get some useful details fast ...
What solution do swinoggers use ??
Thanks !
_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog