Splunk has their deployment server which would allow you to manage all the deployed forwarders centrally. Might be worth a look over.
On Wed, May 18, 2011 at 4:44 PM, Michael Lubinski < [email protected]> wrote: > I'm just trying to find the best way to provide a Splunk style service but > it would be really nice to be able to manage all of them through a > centralized console. We have looked at products like Kaseya or Manage Engine > but its a hard sell to management for them to drop the investment with no > body buying it right away. > > Advice anyone? > > Yes were talking about security on a budget here, oohohh yeah.. > > > On Wed, May 18, 2011 at 12:57 PM, Bojan Zdrnja (SANS ISC) < > [email protected]> wrote: > >> Michael, >> >> On Wed, May 18, 2011 at 4:09 PM, Michael Lubinski >> <[email protected]> wrote: >> > Has anyone ever tried using Splunk like in a managed services >> environment. >> > Meaning a bunch of your customers Splunk servers send data back to a >> main >> > Splunk server through a tunnel of some sorts. >> > Replace Splunk == your product of choice >> >> <disclosure> >> My company is a Splunk partner. >> </disclosure> >> >> Well, if you have a Splunk forwarder running it can send logs directly >> over an SSL connection. However, that would require all hosts to be >> able to connect to your main indexer which is probably something the >> customer(s) won't like. >> >> That being said - you have zillion options with Splunk. You can run an >> indexer at each customer's site and then just search through logs from >> your central site. Or, you can have Splunk agents send logs to another >> forwarder which then sends logs to your site - that way, only 1 server >> needs to be able to connect to your site. >> >> Finally, you can tunnel this traffic through SSH or whatever you want ... >> >> Hope this helps, shoot if you have more questions. >> >> Cheers, >> >> Bojan >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
