Hey everyone,
I'd like to get some input from people who are currently running a
centralized logging environment with multiple (and theoretically
multi-platform) OSes logging to one (or multiple) syslog hosts.
Getting logging down, and getting hosts to log to a central server, was
the easy part. It's pretty nifty: one place to go, and no more /var
fill-ups :-) However, it's now time to go to the next step.
What (presumably freeware/opensource/open-dev) programs, homebrew
perl madness, commercialware, etc., are people using for their log analysis?
I think there will be two schools of solutions here; correct me if I'm
missing something or off topic:
1) Real-Time monitors to "tail" output and generate alerts/flags based
on certain situations or checkpoints/markers, and
2) Daily log parsing for reports, trend analysis, and longer term
watching
Program names are fine to spew back, but input on actual use of these
utilities, thoughts, etc., would help.
And if it turns up zero, perhaps we can start a project of our own :)
Thanks in advance for input. I'm hoping I'm not the only one out here
in the same boat.
jamie
--
jamie rishaw <jamie@playboy.com>
sr. wan/unix engineer/ninja // playboy enterprises inc.
[opinions stated are mine, and are not necessarily those of the bunny]
"UNIX was not designed to stop people from doing stupid things, because
that would also stop them from doing clever things." -- Doug Gwyn
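As an added illustration of the two schools the post names (this is not code from the post or its author): a small Python sketch that parses constructed BSD-style syslog lines, runs a real-time marker and threshold check over them as they arrive, and produces a per-host/program daily count for trend watching. The sample lines, the markers and the failure threshold are all assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in traditional BSD syslog format (assumed; not from the post).
SAMPLE_LOG = """\
Jan  9 10:01:02 web1 sshd[2201]: Failed password for invalid user admin from 10.0.0.5 port 4022 ssh2
Jan  9 10:01:05 web1 sshd[2201]: Failed password for invalid user admin from 10.0.0.5 port 4023 ssh2
Jan  9 10:01:09 web1 sshd[2201]: Failed password for invalid user admin from 10.0.0.5 port 4024 ssh2
Jan  9 10:02:00 db1 su: pam_unix(su:session): session opened for user root by jdoe(uid=1000)
Jan  9 10:03:11 web1 sshd[2210]: Accepted publickey for deploy from 10.0.0.9 port 5000 ssh2
Jan  9 10:04:00 fw1 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.1 PROTO=TCP DPT=23
"""

# "Mon DD HH:MM:SS host prog[pid]: message"; the [pid] part is optional.
SYSLOG_RE = re.compile(r"^(?P<month>\w{3})\s+(?P<day>\d+) (?P<time>[\d:]+) "
                       r"(?P<host>\S+) (?P<prog>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")

def parse_line(line):
    # Split one line into fields; None for lines that do not match the format.
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None

# School 1: per-line markers, plus a counter so repeated auth failures from one
# source raise a single alert instead of one alert per line.
MARKERS = [("root session", re.compile(r"session opened for user root")),
           ("firewall drop", re.compile(r"\bDROP\b"))]
FAILED_RE = re.compile(r"Failed password .* from (?P<ip>[\d.]+)")

def monitor_stream(lines, threshold=3):
    # Stand-in for feeding 'tail -f' output into the monitor line by line.
    failures, alerts = Counter(), []
    for rec in filter(None, map(parse_line, lines)):
        for name, pat in MARKERS:
            if pat.search(rec["msg"]):
                alerts.append(f"ALERT {name}: {rec['host']}: {rec['msg']}")
        m = FAILED_RE.search(rec["msg"])
        if m:
            ip = m.group("ip")
            failures[ip] += 1
            if failures[ip] == threshold:  # fire once, when the threshold is hit
                alerts.append(f"ALERT brute force: {threshold} failed logins from {ip} on {rec['host']}")
    return alerts

# School 2: batch pass over a day's log, counting messages per (host, program)
# so that changes in volume from one day to the next stand out.
def daily_report(lines):
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        counts[(rec["host"], rec["prog"])] += 1
    return dict(counts)
```

The same parse_line feeds both modes, so a marker that proves useful in the daily report can be promoted to a real-time alert without re-parsing.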
---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribe@securityfocus.com
For additional commands, e-mail: loganalysis-help@securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 11:05:51 PST