The time between polling is configurable. I too prefer agents as it takes the resource burden away from a single machine and provides real time log collection. Installing agents isn't always the best solution, however. I've been told that Splunk agents (known as Universal Forwarders) have a minimal resource footprint but I have never used one.
-AK On Tue, Jul 10, 2012 at 8:04 PM, Champ Clark III <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 7/10/12 8:50 PM, anthony kasza wrote: >> Conceptually similar to SNMP, but not the same. You configure >> Splunk with a service account. Periodically, Splunk will login to >> those designated systems and collect WMI information. The service >> account needs the proper rights and privileges to read WMI on each >> system. > > Thank you. I was using SNMP-trap in my example, but that was > incorrect. SNMP is a better analogy. > > That's the way I was told WMI, which I've never used, worked. How > often does polling typically take place? I assume that configurable? > > I typically don't like systems that have to manually "poll" for logs. > Hence the reason I believe loading the agent is better. However, > the downfall of that is... well... you have to load the agent... Some > organizations/people don't like that idea either. > > > - -- > - - Champ Clark III ([email protected]) > Quadrant Information Security (http://quadrantsec.com) > Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A > GPG Key ID: 0381878A > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEcBAEBAgAGBQJP/NEzAAoJENnmXt7Lmc3KLcYH/ihIDmKtJfbgSdlFMwRVI9j9 > I41Kcpz1cvL817VhgY0mv4uKYNnQ4laSrRYHkAhI4bkIVRkGOV3aEez8vl/0t83R > z5z1Bdr0T/+VNDLAuJRM3AqlUn6BPQ/8Z7WRBKAyJ0PZZiSwcxWvWRNhRvrBRczS > 086j0hIoDQr/K/3yIwJnvbk+5bcgRqSfsv7B3Etaz/OKoYCcN/TRGu8+pjMeRF1g > D+f7x/jPpzhGTlc/JIMS1EnBIqq8YEjJ34IJuoT7vK+HSx5mJ1sGiP+aO6X23YJ6 > Xzv7y9Dfq1dFB4ZmmUj7LVA/4wDLAbi5OQIqkpTd/2oQMjtHj2mA6zWhb8PVCz4= > =6QkV > -----END PGP SIGNATURE----- > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
