events
- Subject: events
- From: jml at packetpimp.org (Jason LeBlanc)
- Date: Tue, 04 Oct 2011 10:27:29 -0400
- In-reply-to: <[email protected]>
- References: <CAB_zYdJ6au02ofnsVFOw7Zi2hLV+_z4_-uKrkxkCizzsrGq=Xw@mail.gmail.com> <[email protected]>
+1 for SEC: minimal hit on the CPU, like most parsing tools. The regexp
can be painful, but it is fairly extensible. Once you get used to it
you'll love it.
On 10/04/2011 05:58 AM, Ben Roeder wrote:
> Hi Mike,
> We have used octopussy ( http://www.8pussy.org/dokuwiki/doku.php?id=home yes it is work safe :-) ) with ok results.
> Have used sec ( simple event correlator http://simple-evcorr.sourceforge.net/ ) to some success in simple cases.
>
> Currently having another look at this myself and the following look interesting, but have not deployed them yet
> http://logstash.net/
> http://graylog2.org/about
>
> Ben
> On 30 Sep 2011, at 14:50, harbor235 wrote:
>
>> What is everyone using to collect, alert, and analyze syslog data?
>> I am looking for something that can generate reports as well as support
>> multiple vendors. We have done some home grown stuff in the past but
>> would be interested in something that incorporates all the best features.
>>
>> Solarwinds, splunk, fwanalog, and others come to mind, any other good ones
>> out there?
>>
>>
>> Mike
>
>
>