Most of the log analysis/correlation threads in my E-mail archive seem to get a
lot of "yeah we use Splunk for that." Allow me to ask the question this way
and see what happens...
I pressed my coworkers for some specific examples of what they'd like to have a
log correlator do for them. Below is the non-trivial example that I received.
Do any log correlation products have this sort of sophistication?
The following sequence of events happens. Program sees the log entry for each
event, makes the correlation, and sends us an email that [insert user here] is
running BitTorrent.
Link comes up on switch port
802.1x authentication succeeds
DHCP address issued
User logs into domain
Firewall starts logging the BitTorrent URL signature
===
Jeremy Charles
Epic - Computer and Technology Services Division
[email protected]
Phone: 608-271-9000 Fax: 608-271-7237
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
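One way to build the chain the post describes, as an added example that is not part of the original message or of any product it mentions: a small stateful correlator that follows the identifier each source shares with the next one (port, then MAC, then IP, then user) and only raises the alert when every link is present in order. All log line formats, addresses, the 8-hour window and the mail addresses are constructed for the example; real switch, DHCP, domain controller and firewall formats differ, and only the captured fields matter to the logic.

```python
"""Added example: a stateful multi-source correlator for the five-step chain
  link up (port) -> 802.1x success (port, MAC) -> DHCP lease (MAC, IP)
  -> domain logon (IP, user) -> firewall signature (src IP, BitTorrent)
Log formats and sample lines are constructed; nothing here is a product's API.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from email.message import EmailMessage

# Constructed line formats, one regex per source; only the named groups matter.
PATTERNS = {
    "link_up": re.compile(r"^(?P<ts>\S+) switch LINK-UP port=(?P<port>\S+)$"),
    "dot1x": re.compile(r"^(?P<ts>\S+) switch DOT1X-SUCCESS port=(?P<port>\S+) mac=(?P<mac>\S+)$"),
    "dhcp": re.compile(r"^(?P<ts>\S+) dhcpd DHCPACK ip=(?P<ip>\S+) mac=(?P<mac>\S+)$"),
    "logon": re.compile(r"^(?P<ts>\S+) dc EventID=4624 user=(?P<user>\S+) src_ip=(?P<ip>\S+)$"),
    "fw": re.compile(r"^(?P<ts>\S+) fw APP-SIG sig=(?P<sig>\S+) src=(?P<ip>\S+)$"),
}


@dataclass
class Correlator:
    window: timedelta = timedelta(hours=8)           # assumed max logon-to-signature gap
    link_up: dict = field(default_factory=dict)      # port -> ts
    auth: dict = field(default_factory=dict)         # mac -> (port, ts)
    lease: dict = field(default_factory=dict)        # ip -> (mac, ts)
    logon: dict = field(default_factory=dict)        # ip -> (user, ts)
    alerts: list = field(default_factory=list)

    def feed(self, line):
        """Parse one line and update state; lines no pattern matches are ignored."""
        for kind, pat in PATTERNS.items():
            m = pat.match(line)
            if m:
                getattr(self, "_on_" + kind)(datetime.fromisoformat(m["ts"]), m)
                return

    def _on_link_up(self, ts, m):
        self.link_up[m["port"]] = ts

    def _on_dot1x(self, ts, m):
        # Accept the auth only on a port whose link came up before it.
        up = self.link_up.get(m["port"])
        if up is not None and up <= ts:
            self.auth[m["mac"]] = (m["port"], ts)

    def _on_dhcp(self, ts, m):
        a = self.auth.get(m["mac"])
        if a and a[1] <= ts:
            self.lease[m["ip"]] = (m["mac"], ts)

    def _on_logon(self, ts, m):
        lease = self.lease.get(m["ip"])
        if lease and lease[1] <= ts:
            self.logon[m["ip"]] = (m["user"], ts)

    def _on_fw(self, ts, m):
        if m["sig"].lower() != "bittorrent":
            return
        lg = self.logon.get(m["ip"])
        if not lg or lg[1] > ts or ts - lg[1] > self.window:
            return  # chain incomplete, out of order, or stale: no alert
        user, _ = lg
        mac, _ = self.lease[m["ip"]]
        port, _ = self.auth[mac]
        self.alerts.append(f"{user} (ip {m['ip']}, mac {mac}, port {port}) is running BitTorrent")


def correlate(lines, window=timedelta(hours=8)):
    """Run every line through a fresh correlator and return the alerts it produced."""
    c = Correlator(window=window)
    for line in lines:
        c.feed(line)
    return c.alerts


def alert_mail(alert, sender="[email protected]", recipient="[email protected]"):
    """Build (but do not send) the notification mail; addresses are placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "BitTorrent detected: " + alert.split(" (")[0]
    msg["From"] = sender
    msg["To"] = recipient
    msg.set_content(alert)
    return msg


# Constructed sample logs: one complete chain, plus two firewall hits that must
# not alert (an unknown source host, and a different signature on the known host).
SAMPLE_LOGS = [
    "2024-01-10T09:00:01 switch LINK-UP port=Gi1/0/12",
    "2024-01-10T09:00:03 switch DOT1X-SUCCESS port=Gi1/0/12 mac=aa:bb:cc:dd:ee:01",
    "2024-01-10T09:00:05 dhcpd DHCPACK ip=10.1.2.34 mac=aa:bb:cc:dd:ee:01",
    "2024-01-10T09:00:20 dc EventID=4624 user=jdoe src_ip=10.1.2.34",
    "2024-01-10T09:15:00 fw APP-SIG sig=BitTorrent src=10.1.2.34",
    "2024-01-10T09:16:00 fw APP-SIG sig=BitTorrent src=10.1.9.9",
    "2024-01-10T09:17:00 fw APP-SIG sig=SSH src=10.1.2.34",
]

if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print(alert_mail(a))
```

The ordering checks are what make this a correlation rather than a lookup: each step is accepted only if its predecessor was seen earlier for the same identifier, so a firewall hit from a host that never went through 802.1x and DHCP on a monitored port produces nothing. A production version would also expire state when a link goes down or a lease is released, so that a reused port or IP is not attributed to the previous user.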