I am going to jump on the bandwagon for splunk as well. I have used the universal forwarder on windows and linux and they are very lightweight.
- Matt On Tue, Jul 10, 2012 at 9:38 PM, anthony kasza <[email protected]>wrote: > The time between polling is configurable. > I too prefer agents as it takes the resource burden away from a single > machine and provides real time log collection. Installing agents isn't > always the best solution, however. > I've been told that Splunk agents (known as Universal Forwarders) have > a minimal resource footprint but I have never used one. > > -AK > > On Tue, Jul 10, 2012 at 8:04 PM, Champ Clark III <[email protected]> > wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > On 7/10/12 8:50 PM, anthony kasza wrote: > >> Conceptually similar to SNMP, but not the same. You configure > >> Splunk with a service account. Periodically, Splunk will login to > >> those designated systems and collect WMI information. The service > >> account needs the proper rights and privileges to read WMI on each > >> system. > > > > Thank you. I was using SNMP-trap in my example, but that was > > incorrect. SNMP is a better analogy. > > > > That's the way I was told WMI, which I've never used, worked. How > > often does polling typically take place? I assume that configurable? > > > > I typically don't like systems that have to manually "poll" for logs. > > Hence the reason I believe loading the agent is better. However, > > the downfall of that is... well... you have to load the agent... Some > > organizations/people don't like that idea either. > > > > > > - -- > > - - Champ Clark III ([email protected]) > > Quadrant Information Security (http://quadrantsec.com) > > Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A > > GPG Key ID: 0381878A > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > > Comment: GPGTools - http://gpgtools.org > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > > > iQEcBAEBAgAGBQJP/NEzAAoJENnmXt7Lmc3KLcYH/ihIDmKtJfbgSdlFMwRVI9j9 > > I41Kcpz1cvL817VhgY0mv4uKYNnQ4laSrRYHkAhI4bkIVRkGOV3aEez8vl/0t83R > > z5z1Bdr0T/+VNDLAuJRM3AqlUn6BPQ/8Z7WRBKAyJ0PZZiSwcxWvWRNhRvrBRczS > > 086j0hIoDQr/K/3yIwJnvbk+5bcgRqSfsv7B3Etaz/OKoYCcN/TRGu8+pjMeRF1g > > D+f7x/jPpzhGTlc/JIMS1EnBIqq8YEjJ34IJuoT7vK+HSx5mJ1sGiP+aO6X23YJ6 > > Xzv7y9Dfq1dFB4ZmmUj7LVA/4wDLAbi5OQIqkpTd/2oQMjtHj2mA6zWhb8PVCz4= > > =6QkV > > -----END PGP SIGNATURE----- > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- Matthew Perry
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
