I'm just trying to find the best way to provide a Splunk-style service, but it would be really nice to be able to manage all of them through a centralized console. We have looked at products like Kaseya or ManageEngine, but it's a hard sell to management for them to drop the investment with nobody buying it right away.
Advice, anyone? Yes, we're talking about security on a budget here, oohohh yeah..

On Wed, May 18, 2011 at 12:57 PM, Bojan Zdrnja (SANS ISC) <[email protected]> wrote:
> Michael,
>
> On Wed, May 18, 2011 at 4:09 PM, Michael Lubinski
> <[email protected]> wrote:
> > Has anyone ever tried using Splunk like in a managed services environment.
> > Meaning a bunch of your customers' Splunk servers send data back to a main
> > Splunk server through a tunnel of some sorts.
> > Replace Splunk == your product of choice
>
> <disclosure>
> My company is a Splunk partner.
> </disclosure>
>
> Well, if you have a Splunk forwarder running it can send logs directly
> over an SSL connection. However, that would require all hosts to be
> able to connect to your main indexer which is probably something the
> customer(s) won't like.
>
> That being said - you have a zillion options with Splunk. You can run an
> indexer at each customer's site and then just search through logs from
> your central site. Or, you can have Splunk agents send logs to another
> forwarder which then sends logs to your site - that way, only 1 server
> needs to be able to connect to your site.
>
> Finally, you can tunnel this traffic through SSH or whatever you want ...
>
> Hope this helps, shoot if you have more questions.
>
> Cheers,
>
> Bojan
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
