Steve,
The last place I was at heavily used Splunk and then transitioned to
dual-routing a substantial portion of the logs from across the infrastructure
to ELK, as well.
-Joe
From: Steve Grubb <[email protected]>
To: F Rafi <[email protected]>; "[email protected]"
<[email protected]>
Sent: Monday, December 14, 2015 10:34 AM
Subject: Re: New draft standards
But I guess this gives me an opportunity to ask the community what tools they
are using for audit log collection and viewing? Its been a couple years since
e had this discussion on the mail list and I think some things have changed.
Do people use ELK?
Apache Flume?
Something else?
It might be possible to write a plugin to translate the audit logs into the
native format of these tools.
-Steve
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
