Re: [swinog] Log centralisation / mining
On Jan 21, 2008, at 3:45 AM, Roman Hochuli wrote:

> Hello Raffy
>
>> Splunk. Definitely Splunk ;)
>> --
>> Raffael Marty
>> Chief Security Strategist @ Splunk>
>> Security Visualization: http://secviz.org
>> raffy.ch/blog
>
> I see. A totally unbiased position. ;)

I assumed that was obvious... That's why I also said:

> On a serious note, I ...

Reza wrote:

> The most professional solution on market is surely EMC/RSA envision, if you see it you won't want to bother with anything else.

I would totally disagree. If you really want to go down that route, ArcSight is the one you want to go for. But again, be clear on what you are trying to do. All of these solutions are slightly different and should match your use.

-raffy

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
RE: [swinog] Log centralisation / mining
The most professional solution on market is surely EMC/RSA envision, if you see it you won't want to bother with anything else. If you want a demo, let me know off list.

Best Regards / Kind regards

Reza Kordi
Managing Director
Clue AG
Blegistrasse 9
CH - 6340 Baar/Zug
tel. +41 41 240'49'49
fax. +41 41 240'49'59
mob. +41 78 870'02'30
www.clue.ch
- On with Virtualization

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marcel Prisi
Sent: Monday, 21 January 2008 08:48
To: [EMAIL PROTECTED]
Subject: [swinog] Log centralisation / mining

Hi all,

I am looking for a good log centralisation / alerting / mining solution. I know about syslog-ng / rsyslog+phpLogCon, I'd like something more complete ...

Something with a bit of realtime analysis (regexp ?) and correlation ... and a nice interface where you could get some useful details fast ...

What solution do swinoggers use ??

Thanks !
RE: [swinog] bluewin not accepting email at the moment
> hehe.. mx49 is just a tarpit server ;-)

oh.. now every spammer will exclude this host ,-)

-steven

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adrian Ulrich
Sent: Monday, January 21, 2008 3:07 PM
To: [EMAIL PROTECTED]; Andreas Weiler
Cc: [EMAIL PROTECTED]
Subject: Re: [swinog] bluewin not accepting email at the moment

Hi Andreas,

> From my side it looks like bluewin mailserver is not accepting any
> email at the moment.

We had some funky problems with our loadbalancers this morning.

> (delivery temporarily suspended: connect to
> mx49.bluewin.ch[195.186.18.99]: Connection timed out)

hehe.. mx49 is just a tarpit server ;-)

telnet 0 25
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
220 mx49.bluewin.ch not so ready

Regards,
Adrian
Re: [swinog] bluewin not accepting email at the moment
Hi Andreas,

> From my side it looks like bluewin mailserver is not accepting any
> email at the moment.

We had some funky problems with our loadbalancers this morning.

> (delivery temporarily suspended: connect to mx49.bluewin.ch[195.186.18.99]:
> Connection timed out)

hehe.. mx49 is just a tarpit server ;-)

telnet 0 25
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
220 mx49.bluewin.ch not so ready

Regards,
Adrian
Re[2]: [swinog] bluewin not accepting email at the moment
Looks like all email in mailq to @bluewin.ch have reached their destination in the meantime.

Thank you for your information.

Andreas Weiler
Kabelfernsehen Boedeli AG

On Monday, 21 January 2008 at 11:43 you wrote:

SGsc> hm... not quite right..
SGsc> there are 4 mx for bluewin:
SGsc> ;; ANSWER SECTION:
SGsc> bluewin.ch. 20947 IN MX 10 mxbw.bluewin.ch.
SGsc> bluewin.ch. 20947 IN MX 42 mxzhh.bluewin.ch.
SGsc> bluewin.ch. 20947 IN MX 42 mxzhb.bluewin.ch.
SGsc> bluewin.ch. 20947 IN MX 66 mx49.bluewin.ch.
SGsc> at least one is answering ,-)
SGsc> [EMAIL PROTECTED] ~]$ telnet mxbw.bluewin.ch 25
SGsc> mxbw.bluewin.ch: hostname nor servname provided, or not known
SGsc> [EMAIL PROTECTED] ~]$ telnet mxzhh.bluewin.ch 25
SGsc> Trying 195.186.19.144...
SGsc> ^C
SGsc> [EMAIL PROTECTED] ~]$ telnet mxzhb.bluewin.ch 25
SGsc> Trying 195.186.18.144...
SGsc> Connected to mxzhb.bluewin.ch.
SGsc> Escape character is '^]'.
SGsc> 220 mx13.bluewin.ch ESMTP Service (Bluewin wppuqpqq 7.3.121) ready
SGsc> quit
SGsc> 221 mx13.bluewin.ch QUIT
SGsc> Connection closed by foreign host.
SGsc> [EMAIL PROTECTED] ~]$ telnet mx49.bluewin.ch 25
SGsc> Trying 195.186.18.99...
SGsc> ^C
SGsc> [EMAIL PROTECTED] ~]$ telnet mxbw.bluewin.ch 25
SGsc> mxbw.bluewin.ch: hostname nor servname provided, or not known
SGsc> -steven
SGsc> -Original Message-
SGsc> From: [EMAIL PROTECTED]
SGsc> [mailto:[EMAIL PROTECTED] On Behalf Of Andreas Weiler -
SGsc> Kabelfernsehen Boedeli AG
SGsc> Sent: Monday, January 21, 2008 11:37 AM
SGsc> To: [EMAIL PROTECTED]
SGsc> Subject: [swinog] bluewin not accepting email at the moment
SGsc> From my side it looks like bluewin mailserver is not accepting any email
SGsc> at the moment.
SGsc> (delivery temporarily suspended: connect to
SGsc> mx49.bluewin.ch[195.186.18.99]: Connection timed out)
SGsc> Can someone confirm this, or might it only be on our side.
SGsc> Andreas Weiler
SGsc> Kabelfernsehen Boedeli AG
Re: [swinog] Log centralisation / mining
Hello Raffy

> Splunk. Definitely Splunk ;)
> --
> Raffael Marty
> Chief Security Strategist @ Splunk>
> Security Visualization: http://secviz.org
> raffy.ch/blog

I see. A totally unbiased position. ;)

--
Best regards,
Roman Hochuli
Operations Manager
nexellent ag
Saegereistrasse 29
CH-8152 Glattbrugg
Phone: +41 44 562 30 40
Fax: +41 44 562 30 41
URL: www.nexellent.ch
X-NCC-RegID: ch.nexellent

Imagination is the one weapon in the war against reality. -- Jules de Gaultier
RE: [swinog] Some of you might agree with this
Robert Bertschinger wrote:

> Per,
>
> What kind of subject line is that??? On the first sight it looks just
> like a typical, meaningless Spam-Subject line ...
>
> Anyway, thanks for the link and yes I do agree :-)

Hi Robert (and everyone)

I didn't want to offend anyone here - not everyone agrees with open standards etc.

/Per
RE: [swinog] Some of you might agree with this
Per,

What kind of subject line is that??? On the first sight it looks just like a typical, meaningless Spam-Subject line ...

Anyway, thanks for the link and yes I do agree :-)

Cheers
Robert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Per Jessen
Sent: Monday, 21 January 2008 11:34
To: swinog@lists.swinog.ch
Subject: [swinog] Some of you might agree with this

I have just read and signed the online petition: "Use free standards" hosted on the web by PetitionOnline.com, the free online petition service, at:

http://www.PetitionOnline.com/lortow3/

I personally agree with what this petition says, and I think you might agree, too. If you can spare a moment, please take a look, and consider signing yourself.

/Per Jessen, Herrliberg
RE: [swinog] bluewin not accepting email at the moment
hm... not quite right..

there are 4 mx for bluewin:

;; ANSWER SECTION:
bluewin.ch. 20947 IN MX 10 mxbw.bluewin.ch.
bluewin.ch. 20947 IN MX 42 mxzhh.bluewin.ch.
bluewin.ch. 20947 IN MX 42 mxzhb.bluewin.ch.
bluewin.ch. 20947 IN MX 66 mx49.bluewin.ch.

at least one is answering ,-)

[EMAIL PROTECTED] ~]$ telnet mxbw.bluewin.ch 25
mxbw.bluewin.ch: hostname nor servname provided, or not known
[EMAIL PROTECTED] ~]$ telnet mxzhh.bluewin.ch 25
Trying 195.186.19.144...
^C
[EMAIL PROTECTED] ~]$ telnet mxzhb.bluewin.ch 25
Trying 195.186.18.144...
Connected to mxzhb.bluewin.ch.
Escape character is '^]'.
220 mx13.bluewin.ch ESMTP Service (Bluewin wppuqpqq 7.3.121) ready
quit
221 mx13.bluewin.ch QUIT
Connection closed by foreign host.
[EMAIL PROTECTED] ~]$ telnet mx49.bluewin.ch 25
Trying 195.186.18.99...
^C
[EMAIL PROTECTED] ~]$ telnet mxbw.bluewin.ch 25
mxbw.bluewin.ch: hostname nor servname provided, or not known

-steven

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andreas Weiler - Kabelfernsehen Boedeli AG
Sent: Monday, January 21, 2008 11:37 AM
To: [EMAIL PROTECTED]
Subject: [swinog] bluewin not accepting email at the moment

From my side it looks like bluewin mailserver is not accepting any email at the moment.

(delivery temporarily suspended: connect to mx49.bluewin.ch[195.186.18.99]: Connection timed out)

Can someone confirm this, or might it only be on our side.

Andreas Weiler
Kabelfernsehen Boedeli AG
[swinog] bluewin not accepting email at the moment
From my side it looks like bluewin mailserver is not accepting any email at the moment.

(delivery temporarily suspended: connect to mx49.bluewin.ch[195.186.18.99]: Connection timed out)

Can someone confirm this, or might it only be on our side.

Andreas Weiler
Kabelfernsehen Boedeli AG
[swinog] Some of you might agree with this
I have just read and signed the online petition: "Use free standards" hosted on the web by PetitionOnline.com, the free online petition service, at:

http://www.PetitionOnline.com/lortow3/

I personally agree with what this petition says, and I think you might agree, too. If you can spare a moment, please take a look, and consider signing yourself.

/Per Jessen, Herrliberg
Re: [swinog] KVM-over-IP
Steven,

From what I have seen so far, the most portable solution are the KVMs from Startech. They got it all, VNC, JAVA client which works with any Java Capable OS, Radius for Auth and so on.

Unfortunately they do not make a CAT5 KVM :( but as others have advised you could buy a KVM to IP bridge from them and use it with your existing KVM solution. Their p/n for it is SV1110IPEXT

If you want to go really cheap: Look out on Ebay.com, this extender pops up there regularly and goes for around 200$, which, considering current dollars condition is a steal.

Another nice solution is IMHO latest Raritan Dominion KVMs, those are pretty reliable and nice but very pricey.

Cheers

--
Kirill Ponazdyr
Technical Director
Codeangels Solutions GmbH
Tel: +41 (0)43 844 90 10
Fax: +41 (0)43 844 90 12
http://www.codeangels.ch
http://www.codeangels.com

> hi boys & girls
>
> i'm looking for a nice (and of course cheap) solution for a KVM-over-IP
> (VGA,USB for keyboard, mouse; some mice need PS/2 adapters) switch for
> my windows servers. a port capacity >=16 ports would be appreciated.
> some VNC solution would be great.
> does someone has a good experience with a product? some recommendations?
> as i said: i'm not looking for the rollsroyce-priced tool ,-)
>
> -steven
Re: AW: [swinog] Log centralisation / mining
Michele Capobianco wrote:

> Too bad that Splunk does not run on Windows :(
>
> We are a Windows Company and if i tell them that we want to run a Linux
> Server, our Management would kill me ;)
>

Then, don't expect a free (OSS) solution ;-)

I'd look into some of the UTM (Unified Threat Management) or (specialized) IDS solutions. I haven't tried it, but if I'd have a budget, I'd take a look at Tenable's log-correlation products:

http://www.tenablesecurity.com/

They actually don't run on Windows, either, but they can analyze Windows-logs. See these links:

http://www.networkintrusion.co.uk/consoles.htm

BTW: I'd be interested to hear from people running one of those.

> Is there anything out in the Net for Log management which is Windows Based?
>

I guess there is a system-management solution from MSFT, too. Call your MSFT-sales rep ;-)

cheers,
Rainer
Re: [swinog] Log centralisation / mining
On Mon, 2008-01-21 at 08:47 +0100, Marcel Prisi wrote:

> Hi all,
>
> I am looking for a good log centralisation / alerting / mining solution.
> I know about syslog-ng / rsyslog+phpLogCon, I'd like something more
> complete ...

Hi,

If you need a commercial solution and need to be compliant (SOX, Basel II etc.) I was working the last week with RSA enVision. It supports all kind of log-interfaces and got very good reporting/alarming/reporting functions.

I also like the opensource solutions but I couldn't find any solution yet for a good reporting and alarming.

If you need to know more about enVision you can contact me directly.

Peter
Re: AW: [swinog] Log centralisation / mining
> Too bad that Splunk does not run on Windows :(

Not yet! There is a preview version out that runs on Windows, but it's still a bit unstable. By the end of the month, we should have something that is releasable! Hang tight or try the preview!

Cheers
-raffy

> We are a Windows Company and if i tell them that we want to run a Linux Server, our Management would kill me ;)
>
> Is there anything out in the Net for Log management which is Windows Based?
>
> Regards
> Capo
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Raffael Marty
> Sent: Monday, 21 January 2008 09:07
> To: [EMAIL PROTECTED]
> Subject: Re: [swinog] Log centralisation / mining
>
> Splunk. Definitely Splunk ;)
>
> If you have any questions or you want to talk more about your use-cases, I am happy to have a chat with you.
>
> On a serious note, I think you should try it. And it is free up to 500MB/day! That's quite a bit. After that it's fairly reasonably priced! One other thing that you might want to take into consideration is that other log management solutions don't cope with configuration files or multi-line information very well, if at all. I could list you a few very interesting use-cases around that: configuration management comes to mind.
>
> Also have a look at my blog where I talk a bit about the difference between IT Search (splunk) and the log management tools: blogs.splunk.com/raffy.
>
> Let me know if you have any questions!
>
> Raffy
>
> --
> Raffael Marty
> Chief Security Strategist @ Splunk>
> Security Visualization: http://secviz.org
> raffy.ch/blog
>
> On Jan 20, 2008, at 11:52 PM, Olivier Beytrison wrote:
>
>> Hello,
>>
>> Maybe have a look at splunk. It's not free, but it seems to do what you're looking for.
>>
>> I'd like to ask at the same time if anyone here is using it. Because I'm thinking about installing it on our network. So some feedbacks would be great.
>>
>> www.splunk.com
>>
>> Regards,
>> Olivier B.
>>
>> Marcel Prisi wrote:
>>> Hi all,
>>> I am looking for a good log centralisation / alerting / mining solution.
>>> I know about syslog-ng / rsyslog+phpLogCon, I'd like something more complete ...
>>> Something with a bit of realtime analysis (regexp ?) and correlation ...
>>> and a nice interface where you could get some useful details fast ...
>>> What solution do swinoggers use ??
>>> Thanks !
RE: [swinog] KVM-over-IP
ciao alex

I need hardware, not a software thing, for when the windows server acts up... ,-)

-steven

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Faes, Alexander
Sent: Monday, January 21, 2008 9:24 AM
To: [EMAIL PROTECTED]
Subject: AW: [swinog] KVM-over-IP

Hi Steven,

How are you? Haven't heard from or seen you in a long time ;)

Look, you could also do something with something like this..

http://www.opengear.com/virtualkvm.html

Kind regards
Alexander Faes
Professional Services // Network Engineer
BECHTLE IT-SYSTEMHAUS ZÜRICH
tel: +41 43 333 73 02
gsm: +41 79 570 85 00
fax: +41 43 333 70 70
[EMAIL PROTECTED]
www.bechtle-it-systemhaus.ch

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, 21 January 2008 09:12
To: [EMAIL PROTECTED]
Subject: [swinog] KVM-over-IP

hi boys & girls

i'm looking for a nice (and of course cheap) solution for a KVM-over-IP (VGA,USB for keyboard, mouse; some mice need PS/2 adapters) switch for my windows servers. a port capacity >=16 ports would be appreciated. some VNC solution would be great.

does someone has a good experience with a product? some recommendations?

as i said: i'm not looking for the rollsroyce-priced tool ,-)

-steven
AW: [swinog] KVM-over-IP
Hi Steven

We use the LevelOne IP KVM -> http://www.level-one.de/products3.php?idu=7030&id=1891

No problems so far.

cu René

-Original Message-
From: [EMAIL PROTECTED]
Date: Mon, 21 Jan 2008 09:12:14 +0100
To: [EMAIL PROTECTED]
Subject: [swinog] KVM-over-IP

> hi boys & girls
>
> i'm looking for a nice (and of course cheap) solution for a KVM-over-IP
> (VGA,USB for keyboard, mouse; some mice need PS/2 adapters) switch for
> my windows servers. a port capacity >=16 ports would be appreciated.
> some VNC solution would be great.
> does someone has a good experience with a product? some recommendations?
> as i said: i'm not looking for the rollsroyce-priced tool ,-)
>
> -steven
AW: [swinog] Log centralisation / mining
Too bad that Splunk does not run on Windows :(

We are a Windows Company and if i tell them that we want to run a Linux Server, our Management would kill me ;)

Is there anything out in the Net for Log management which is Windows Based?

Regards
Capo

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raffael Marty
Sent: Monday, 21 January 2008 09:07
To: [EMAIL PROTECTED]
Subject: Re: [swinog] Log centralisation / mining

Splunk. Definitely Splunk ;)

If you have any questions or you want to talk more about your use-cases, I am happy to have a chat with you.

On a serious note, I think you should try it. And it is free up to 500MB/day! That's quite a bit. After that it's fairly reasonably priced! One other thing that you might want to take into consideration is that other log management solutions don't cope with configuration files or multi-line information very well, if at all. I could list you a few very interesting use-cases around that: configuration management comes to mind.

Also have a look at my blog where I talk a bit about the difference between IT Search (splunk) and the log management tools: blogs.splunk.com/raffy.

Let me know if you have any questions!

Raffy

--
Raffael Marty
Chief Security Strategist @ Splunk>
Security Visualization: http://secviz.org
raffy.ch/blog

On Jan 20, 2008, at 11:52 PM, Olivier Beytrison wrote:

> Hello,
>
> Maybe have a look at splunk. It's not free, but it seems to do what
> you're looking for.
>
> I'd like to ask at the same time if anyone here is using it. Because
> I'm thinking about installing it on our network. So some feedbacks
> would be great.
>
> www.splunk.com
>
> Regards,
> Olivier B.
>
> Marcel Prisi wrote:
>> Hi all,
>> I am looking for a good log centralisation / alerting / mining
>> solution.
>> I know about syslog-ng / rsyslog+phpLogCon, I'd like something more
>> complete ...
>> Something with a bit of realtime analysis (regexp ?) and
>> correlation ...
>> and a nice interface where you could get some useful details fast ...
>> What solution do swinoggers use ??
>> Thanks !
RE: [swinog] KVM-over-IP
Sorry, just found out, that they're EOL. But maybe there's one on Ebay ;-)

Cheers,
Viktor

> http://h18000.www1.hp.com/products/servers/proliantstorage/rack-options/scs/index-kvm.html
AW: [swinog] KVM-over-IP
Hi Steven,

How are you? Haven't heard from or seen you in a long time ;)

Look, you could also do something with something like this..

http://www.opengear.com/virtualkvm.html

Kind regards
Alexander Faes
Professional Services // Network Engineer
BECHTLE IT-SYSTEMHAUS ZÜRICH
tel: +41 43 333 73 02
gsm: +41 79 570 85 00
fax: +41 43 333 70 70
[EMAIL PROTECTED]
www.bechtle-it-systemhaus.ch

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, 21 January 2008 09:12
To: [EMAIL PROTECTED]
Subject: [swinog] KVM-over-IP

hi boys & girls

i'm looking for a nice (and of course cheap) solution for a KVM-over-IP (VGA,USB for keyboard, mouse; some mice need PS/2 adapters) switch for my windows servers. a port capacity >=16 ports would be appreciated. some VNC solution would be great.

does someone has a good experience with a product? some recommendations?

as i said: i'm not looking for the rollsroyce-priced tool ,-)

-steven
RE: [swinog] KVM-over-IP
We use the HP solution, because it adds only one more Cat5 Cable per Server to the racks, whereas other solutions are just a nightmare to keep your cabling decent looking.

http://h18000.www1.hp.com/products/servers/proliantstorage/rack-options/scs/index-kvm.html

Pricing is OK IMHO, YMMV

Cheers,
Viktor
Re: [swinog] KVM-over-IP
Hello Steven

then don't search for a complete solution. Get a normal, expandable KVM, and there exists some VGA etc to IP Converters - so build it from two devices. that's cheaper

I will search through my bookmarks now

silvan

On 21.01.2008 at 09:12, <[EMAIL PROTECTED]> wrote:

> hi boys & girls
>
> i'm looking for a nice (and of course cheap) solution for a KVM-over-IP (VGA,USB for keyboard, mouse; some mice need PS/2 adapters) switch for my windows servers. a port capacity >=16 ports would be appreciated. some VNC solution would be great.
>
> does someone has a good experience with a product? some recommendations?
>
> as i said: i'm not looking for the rollsroyce-priced tool ,-)
>
> -steven
[swinog] KVM-over-IP
hi boys & girls

i'm looking for a nice (and of course cheap) solution for a KVM-over-IP (VGA,USB for keyboard, mouse; some mice need PS/2 adapters) switch for my windows servers. a port capacity >=16 ports would be appreciated. some VNC solution would be great.

does someone has a good experience with a product? some recommendations?

as i said: i'm not looking for the rollsroyce-priced tool ,-)

-steven
Re: [swinog] Log centralisation / mining
Splunk. Definitely Splunk ;)

If you have any questions or you want to talk more about your use-cases, I am happy to have a chat with you.

On a serious note, I think you should try it. And it is free up to 500MB/day! That's quite a bit. After that it's fairly reasonably priced! One other thing that you might want to take into consideration is that other log management solutions don't cope with configuration files or multi-line information very well, if at all. I could list you a few very interesting use-cases around that: configuration management comes to mind.

Also have a look at my blog where I talk a bit about the difference between IT Search (splunk) and the log management tools: blogs.splunk.com/raffy.

Let me know if you have any questions!

Raffy

--
Raffael Marty
Chief Security Strategist @ Splunk>
Security Visualization: http://secviz.org
raffy.ch/blog

On Jan 20, 2008, at 11:52 PM, Olivier Beytrison wrote:

> Hello,
>
> Maybe have a look at splunk. It's not free, but it seems to do what you're looking for.
>
> I'd like to ask at the same time if anyone here is using it. Because I'm thinking about installing it on our network. So some feedbacks would be great.
>
> www.splunk.com
>
> Regards,
> Olivier B.
>
> Marcel Prisi wrote:
>> Hi all,
>> I am looking for a good log centralisation / alerting / mining solution.
>> I know about syslog-ng / rsyslog+phpLogCon, I'd like something more complete ...
>> Something with a bit of realtime analysis (regexp ?) and correlation ...
>> and a nice interface where you could get some useful details fast ...
>> What solution do swinoggers use ??
>> Thanks !
RE: [swinog] Log centralisation / mining
On Monday, 21 January 2008 at 08:56 +0100, Reza Kordi wrote:

> Hi!
>
> Give us more details...
>
> What is your log volume? How many systems?
>

For now, 20-30 systems (growing), and we also use syslog from some of our applications.

> Are you looking for a opensource solution or a commercial one?
>

I would of course better like an opensource one, but I will evaluate every interesting solution.

Thanks.
Re: [swinog] Log centralisation / mining
Hi

There is actually a free version of splunk, with a few restrictions though (no access controls). But you still can handle up to 500MB Log per day and it's quite easy to install and configure.

The search engine seems to be quite powerful, we run it on a debian system with 256mb ram, got approx. 7'500'000 log entries on it and searching for a host takes just a few secs.

Regards
Tobias

Olivier Beytrison wrote:

> Hello,
>
> Maybe have a look at splunk. It's not free, but it seems to do what you're looking for.
>
> I'd like to ask at the same time if anyone here is using it. Because I'm thinking about installing it on our network. So some feedbacks would be great.
>
> www.splunk.com
>
> Regards,
> Olivier B.
>
> Marcel Prisi wrote:
>> Hi all,
>> I am looking for a good log centralisation / alerting / mining solution.
>> I know about syslog-ng / rsyslog+phpLogCon, I'd like something more complete ...
>> Something with a bit of realtime analysis (regexp ?) and correlation ...
>> and a nice interface where you could get some useful details fast ...
>> What solution do swinoggers use ??
>> Thanks !