A previous poster mentioned Cisco MARS. I utilize a MARS device and can highly recommend it. We process over 30 million events (firewall logs, Windows event logs, Linux logs, router logs) a day and it makes short work of analyzing data. Used Splunk (still actually use Splunk installed locally as needed) for a while and it worked great as well.
On Fri, Jun 5, 2009 at 1:06 PM, Michael Douglas <[email protected]> wrote:
> If you're not opposed to commercial products, I can highly recommend
> LogRhythm. It's quite powerful, yet easy to use. Note that with any
> log analyzer, the setup is a pain.
>
> - Mick
>
> On Fri, Jun 5, 2009 at 1:58 PM, John Lowry <[email protected]> wrote:
> > I really like using OSSEC on my syslog machine to scan for EOI for me and
> > alert me when stuff happens. I then use Splunk for searching through
> > those events.
> >
> > Paul Asadoorian wrote:
> >> Splunk was one of those tools that got popular after I left the
> >> university. I think we need to do a tech segment on it as it's been
> >> highly recommended by many.
> >>
> >> Cheers,
> >> Paul
> >>
> >> Russell Butturini wrote:
> >>> Commercial or open source? For commercial we like Cisco's CS-MARS, but
> >>> that's a big investment. Free tools, Splunk is pretty darn good.
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
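The workflow the thread describes (scan syslog for events of interest, alert on them, then search the full event set separately) is easy to see in miniature. The following is an added example written for this page; it is not OSSEC's, Splunk's or MARS's code and is not from any poster. The syslog lines, rule names and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog lines (BSD / RFC 3164 style). Addresses are from
# documentation ranges; nothing here is taken from a real host.
SAMPLE_LOG = """\
Jun  5 13:01:02 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.9 port 40122 ssh2
Jun  5 13:01:04 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.9 port 40123 ssh2
Jun  5 13:01:06 web01 sshd[2231]: Failed password for root from 203.0.113.9 port 40124 ssh2
Jun  5 13:01:07 web01 sshd[2231]: Failed password for root from 203.0.113.9 port 40125 ssh2
Jun  5 13:01:09 web01 sshd[2240]: Accepted publickey for deploy from 198.51.100.7 port 51000 ssh2
Jun  5 13:02:11 db01 sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
Jun  5 13:02:30 db01 kernel: eth0: link up
"""

# "<Mon> <day> <HH:MM:SS> <host> <program>[<pid>]: <message>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?:\s*(?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
SUDO_RE = re.compile(r"^\s*(?P<user>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")


def parse_line(line, year=2009):
    """Parse one syslog line into a dict, or return None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    # BSD syslog timestamps carry no year, so the caller supplies one.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"].strip(),
            "pid": m["pid"], "msg": m["msg"]}


def find_events_of_interest(text, fail_threshold=3, window_seconds=60):
    """Return (all parsed events, alerts).

    Two hypothetical rules stand in for an OSSEC-style ruleset:
      ssh_bruteforce - fail_threshold failed SSH logins from one source IP
                       inside a sliding window of window_seconds
      sudo_root      - any sudo invocation that runs a command as root
    """
    events, alerts = [], []
    failures = defaultdict(list)  # source IP -> timestamps of recent failures
    for raw in text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue  # unparseable lines are kept out of the index, not crashed on
        events.append(ev)
        if ev["prog"] == "sshd":
            fm = FAILED_RE.search(ev["msg"])
            if fm:
                ip = fm["ip"]
                failures[ip].append(ev["ts"])
                # Drop failures that have aged out of the window.
                failures[ip] = [t for t in failures[ip]
                                if (ev["ts"] - t).total_seconds() <= window_seconds]
                # Fire exactly once, when the count first reaches the threshold.
                if len(failures[ip]) == fail_threshold:
                    alerts.append({"rule": "ssh_bruteforce", "host": ev["host"],
                                   "ip": ip, "count": fail_threshold})
        elif ev["prog"] == "sudo":
            sm = SUDO_RE.match(ev["msg"])
            if sm and sm["target"] == "root":
                alerts.append({"rule": "sudo_root", "host": ev["host"],
                               "user": sm["user"], "cmd": sm["cmd"]})
    return events, alerts


def search(events, host=None, prog=None, contains=None):
    """Minimal field/substring search over parsed events (the 'then search in Splunk' step)."""
    out = []
    for ev in events:
        if host and ev["host"] != host:
            continue
        if prog and ev["prog"] != prog:
            continue
        if contains and contains not in ev["msg"]:
            continue
        out.append(ev)
    return out


if __name__ == "__main__":
    parsed, found = find_events_of_interest(SAMPLE_LOG)
    for a in found:
        print("ALERT", a)
    for ev in search(parsed, prog="sshd", contains="Accepted"):
        print("SEARCH HIT", ev["host"], ev["msg"])
```

The brute-force rule fires only when the failure count first reaches the threshold, so a long burst produces one alert rather than one per line; that deduplication is what keeps an alerting layer usable at the tens of millions of events a day mentioned above, while the unfiltered event list stays available for ad-hoc searching.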
