I am using Snare on a handful of Windows servers; it's easy to set up. I haven't gotten too in depth with it, but it happily sends logs all day long to our Solarwinds server. I agree, Splunk is very useful if you have the time to write dashboards and reports. Poring through mountains of raw data is much easier, if you know what you're looking for. I want to work on bringing more automation into it so I can get an overview. Listening intently to this thread so I can learn more.

John.

On Mon, Jan 7, 2013 at 9:43 AM, Albert R. Campa <[email protected]> wrote:
> That's the easy part, at least for Linux-type systems with a syslog.conf file.
>
> For Windows I hear Snare works well.
>
>
> On Sun, Jan 6, 2013 at 5:30 PM, Robin Wood <[email protected]> wrote:
>>
>> On 6 January 2013 21:54, Doug Burks <[email protected]> wrote:
>> > Hi Robin,
>> >
>> > One option would be to install Security Onion and enable ELSA. You'll
>> > automatically get syslog-ng and a nice web interface to hunt through
>> > your logs.
>>
>> I might do that as the server side, just need to figure out how to get
>> various machines to send all their stuff to it.
>>
>> Robin
>>
>> > Thanks,
>> > Doug
>> >
>> >
>> > On Sunday, January 6, 2013, Robin Wood wrote:
>> >>
>> >> Hi
>> >> I'm going to be setting up a syslog server for the first time next
>> >> week, can anyone recommend any good guides?
>> >>
>> >> I know there are quite a few out there but want a good, tested one.
>> >>
>> >> Robin
>> >
>> >
>> >
>> > --
>> > Doug Burks
>> > http://securityonion.blogspot.com
>> >
>> >
>> > _______________________________________________
>> > Pauldotcom mailing list
>> > [email protected]
>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> > Main Web Site: http://pauldotcom.com
