[logs] Re: Recommended Log analysis tool (follow up)

From: Patrick McGovern (pat@private)
Date: Fri Oct 13 2006 - 10:01:49 PDT


Hi Mark,

You may want to take a look at Splunk.  It does most of the things  
you list below.

You can download a free version from www.splunk.com and give it a spin
(it runs on *nix). The free version is fully functional and does not
time out.

Here's a screencast of the product in action:
http://www.splunk.com/images/screencastdemos/brent_chapman/brentdemo.html

Feel free to ask me any questions you might have.

Pat-

--
Patrick McGovern
pat@private

splunk> Take the "sh" out of IT.

On Oct 12, 2006, at 12:04 AM, Mark Jayson R. Alvarez wrote:

> I just got this information:
> The log analysis tool will be used for various firewalls (Fortinet,
> SonicWall, PIX, etc.)
>
> My boss wants me to know if the tool can handle these requirements.
>
> ________________________________________________________________
> * Availability of technical support (ex: 24x7, email, phone, chat, etc.)
>
> * Patch or updating of software: is this included or an additional
> expense?
>
> * List of Managed Security Service Providers using the software
>
> * Sizing guidelines - what server specs for X number of clients
>
> * For contingency or redundancy purposes can we mirror the data on
> another server, and would this entail additional cost?
>
> * Are there steps to backup and restore data in case of a system crash?
>
> * Would it have a capability to have views for different clients
>
> * Can the reports be exported to a file, if so what formats? PDF, DOC,
> etc?
>
> * What reports can be generated:
> - # of blocked IPs/Ports
> - Source/Dest IP
> - IPs, AV, AS report from Fortigate?
> - Top Users
> - Weekly, Monthly, Daily, historical, etc.
> - Others PLEASE EXPLORE
>
> * Would the built-in syslog have an ACL facility to avoid being probed
> from the public Internet.
>
> * Would it support different logging from various firewall vendors on a
> single machine.
>
> * Please list down features outside the above
> ____________________________________________________________
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
>
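Added example, not taken from either message above and not Splunk code: a small Python script showing what three of the quoted requirements come down to in practice for any log analysis tool, namely a sender allowlist on the syslog receiver (the "ACL facility" question), normalising events from more than one firewall format on a single machine, and producing the blocked-IP/port, source/destination and top-user reports. The two log formats ("kv" key=value and a free-text "Deny/Permit" line), the sample records, the sender addresses and the allowed network are all constructed for this example and are not real Fortinet, SonicWall or PIX output; a real deployment would swap in per-vendor parsers.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample records: (sender address, raw syslog line). Two
# simplified, made-up formats stand in for "different firewall vendors".
SAMPLE_RECORDS = [
    ("10.0.0.1", "kv action=deny proto=tcp src=198.51.100.7 dst=10.1.2.3 dport=22 user=-"),
    ("10.0.0.1", "kv action=accept proto=tcp src=10.1.5.9 dst=203.0.113.20 dport=443 user=alice"),
    ("10.0.0.1", "kv action=deny proto=tcp src=198.51.100.7 dst=10.1.2.3 dport=3389 user=-"),
    ("10.0.0.2", "text Deny udp src outside:198.51.100.9/5353 dst inside:10.1.2.3/53"),
    ("10.0.0.2", "text Permit tcp src inside:10.1.5.9/50000 dst outside:203.0.113.20/443 user alice"),
    # Sender outside the allowlist: the receiver's ACL should drop this.
    ("203.0.113.99", "kv action=deny proto=tcp src=192.0.2.4 dst=10.1.2.3 dport=22 user=-"),
]

# Assumed syslog ACL: only the internal management network may send events.
ALLOWED_SENDERS = [ipaddress.ip_network("10.0.0.0/24")]

KV_RE = re.compile(r"(\w+)=(\S+)")
TEXT_RE = re.compile(
    r"^(Deny|Permit) (\w+) src \w+:([\d.]+)/(\d+) dst \w+:([\d.]+)/(\d+)(?: user (\S+))?"
)


def sender_allowed(sender, allowed=ALLOWED_SENDERS):
    """Receiver-side ACL check: accept only senders inside an allowed network."""
    addr = ipaddress.ip_address(sender)
    return any(addr in net for net in allowed)


def parse_line(line):
    """Normalise a line from either constructed format into one event dict.

    Returns None for lines that do not fit a known format, so a malformed or
    unexpected record is counted rather than crashing the report.
    """
    fmt, _, body = line.partition(" ")
    if fmt == "kv":
        fields = dict(KV_RE.findall(body))
        if not {"action", "src", "dst", "dport"} <= fields.keys():
            return None
        return {
            "action": "deny" if fields["action"] == "deny" else "accept",
            "proto": fields.get("proto", "?"),
            "src": fields["src"],
            "dst": fields["dst"],
            "dport": int(fields["dport"]),
            "user": fields.get("user", "-"),
        }
    if fmt == "text":
        m = TEXT_RE.match(body)
        if not m:
            return None
        action, proto, src, _sport, dst, dport, user = m.groups()
        return {
            "action": "deny" if action == "Deny" else "accept",
            "proto": proto.lower(),
            "src": src,
            "dst": dst,
            "dport": int(dport),
            "user": user or "-",
        }
    return None


def build_report(records, allowed=ALLOWED_SENDERS):
    """Aggregate normalised events into the report counters asked for above."""
    report = {
        "dropped_senders": Counter(),  # events rejected by the sender ACL
        "unparsed": 0,                 # lines no parser understood
        "blocked_src": Counter(),      # denied events per source IP
        "blocked_dport": Counter(),    # denied events per destination port
        "src_dst_pairs": Counter(),    # all events per (src, dst) pair
        "top_users": Counter(),        # events per identified user
    }
    for sender, line in records:
        if not sender_allowed(sender, allowed):
            report["dropped_senders"][sender] += 1
            continue
        event = parse_line(line)
        if event is None:
            report["unparsed"] += 1
            continue
        report["src_dst_pairs"][(event["src"], event["dst"])] += 1
        if event["action"] == "deny":
            report["blocked_src"][event["src"]] += 1
            report["blocked_dport"][event["dport"]] += 1
        if event["user"] != "-":
            report["top_users"][event["user"]] += 1
    return report


if __name__ == "__main__":
    for name, value in build_report(SAMPLE_RECORDS).items():
        print(name, value.most_common(5) if isinstance(value, Counter) else value)
```

The sender check runs before any parsing, which is the order a syslog receiver's ACL enforces it: a packet from an address outside the allowed network never reaches the parser, so a host on the public Internet cannot inject records or probe the parser with malformed input. Counting unparsed lines separately, rather than silently skipping them, is what lets you notice when a vendor changes its log format after a firmware upgrade.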



This archive was generated by hypermail 2.1.3 : Fri Oct 13 2006 - 12:07:31 PDT