Hi guys,
http://docs.splunk.com/Documentation/Splunk/latest/Admin/MoreaboutSplunkFree
Quote:
What does no authentication and access controls mean?
• There is no login. The command line or browser can access and control
all aspects of Splunk with no user/password prompt.
This can lead to issues such as this:
http://averagesecurityguy.info/2012/04/12/pwning-a-splunk-server/
So I would say the Free one is really for testing/playing, but not suitable at
all for "real work". The good news is Splunk is relatively affordable compared
to other "enterprise" solutions.
-GR
On 2012-07-10, at 9:53 PM, Matthew Perry wrote:
> I am going to jump on the bandwagon for Splunk as well. I have used the
> universal forwarder on Windows and Linux and they are very lightweight.
>
> - Matt
>
> On Tue, Jul 10, 2012 at 9:38 PM, anthony kasza <[email protected]> wrote:
>
>> The time between polling is configurable.
>> I too prefer agents as it takes the resource burden away from a single
>> machine and provides real time log collection. Installing agents isn't
>> always the best solution, however.
>> I've been told that Splunk agents (known as Universal Forwarders) have
>> a minimal resource footprint but I have never used one.
>>
>> -AK
>>
>> On Tue, Jul 10, 2012 at 8:04 PM, Champ Clark III <[email protected]>
>> wrote:
>>>
>>> On 7/10/12 8:50 PM, anthony kasza wrote:
>>>> Conceptually similar to SNMP, but not the same. You configure
>>>> Splunk with a service account. Periodically, Splunk will log in to
>>>> those designated systems and collect WMI information. The service
>>>> account needs the proper rights and privileges to read WMI on each
>>>> system.
>>>
>>> Thank you. I was using SNMP-trap in my example, but that was
>>> incorrect. SNMP is a better analogy.
>>>
>>> That's the way I was told WMI, which I've never used, worked. How
>>> often does polling typically take place? I assume that's configurable?
>>>
>>> I typically don't like systems that have to manually "poll" for logs.
>>> Hence the reason I believe loading the agent is better. However,
>>> the downfall of that is... well... you have to load the agent... Some
>>> organizations/people don't like that idea either.
>>>
>>>
>>> - --
>>> - - Champ Clark III ([email protected])
>>> Quadrant Information Security (http://quadrantsec.com)
>>> Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
>>> GPG Key ID: 0381878A
>>>
>>>
>>> _______________________________________________
>>> Pauldotcom mailing list
>>> [email protected]
>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> Main Web Site: http://pauldotcom.com
>>
>
>
>
> --
> Matthew Perry