[CentOS] Logserver recommendations

Fri Apr 16 15:46:50 UTC 2010
David Miller <david3d at gmail.com>

On Fri, Apr 16, 2010 at 11:45 AM, David Miller <david3d at gmail.com> wrote:

> I recently ran across the Octopussy project which looks interesting.  I
> haven't tried it out yet though.  Can't say that I like the url too much
> either.  http://www.8pussy.org/doku.php
> --
> David
>
> On Fri, Apr 16, 2010 at 11:38 AM, <rainer at ultra-secure.de> wrote:
>
>> > Hi
>> >
>> > I am using rsyslog to get logs to a central box and they are stored in the
>> > format of
>> >
>> > /<hostname>/<year>/<month>/<day>/<logfilename>
>> >
>> > I need a solution that can trawl through these directories and pick up
>> > exceptions like failed logons and sudo usage that sort of thing.
>> >
>> > Has anyone got any clues as to what might help to achieve this? I am
>> > looking into logsurfer but not sure if this handles the directory
>> > structure nicely.
>> >
>> > thanks for any tips
>>
>> Good question.
>> How many servers do you have to collect logs from?
>>
>> I'd like to hear of people who have used both Splunk and/or prelude in an
>> environment with, say, 500<x<1000 servers, for collection of logs and can
>> voice a few opinions.
>>
>> The problem, as the author recognizes, is not collection but retrieval and
>> processing (a cron-job that deletes them periodically does not qualify as
>> "processing"...).
>>
>>
>>
>> Rainer
>>
>
>
Doh sorry for the top post.  Need to pay more attention to that with gmail.
--
David
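Added example (not part of the original thread or of any project mentioned in it): a small Python scanner for the /<hostname>/<year>/<month>/<day>/<logfilename> layout described in the quoted question, picking out failed SSH logons and sudo usage. The function names, the sample host and the log lines are constructed for illustration; the patterns assume stock OpenSSH and sudo syslog message formats.

```python
import re
import tempfile
from pathlib import Path

# Patterns for stock OpenSSH and sudo syslog messages (assumed formats).
PATTERNS = {
    "failed_login": re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"),
    "sudo": re.compile(r"sudo: +(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$"),
}

def scan(root):
    """Walk <root>/<hostname>/<year>/<month>/<day>/<logfilename> and return
    sorted (host, 'YYYY-MM-DD', kind, user, detail) tuples."""
    events = []
    for log in Path(root).glob("*/*/*/*/*"):
        if not log.is_file():
            continue
        host, year, month, day = log.relative_to(root).parts[:4]
        if not (year.isdigit() and month.isdigit() and day.isdigit()):
            continue  # not part of the dated layout
        date = f"{int(year):04d}-{int(month):02d}-{int(day):02d}"
        # errors="replace": remote hosts can put arbitrary bytes into syslog
        with log.open(errors="replace") as fh:
            for line in fh:
                for kind, rx in PATTERNS.items():
                    m = rx.search(line)
                    if m:
                        # failed logons report the source address, sudo the command
                        detail = m.groupdict().get("src") or m.group("cmd")
                        events.append((host, date, kind, m.group("user"), detail.strip()))
    return sorted(events)

def build_sample(root):
    """Constructed sample tree and log lines, for demonstration only."""
    day_dir = Path(root, "web01", "2010", "04", "16")
    day_dir.mkdir(parents=True)
    (day_dir / "secure").write_text(
        "Apr 16 10:01:02 web01 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2\n"
        "Apr 16 10:01:09 web01 sshd[2211]: Accepted password for alice from 192.0.2.20 port 4100 ssh2\n"
        "Apr 16 10:05:00 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow\n"
        "Apr 16 10:06:00 web01 sshd[2300]: Failed password for root from 192.0.2.10 port 4030 ssh2\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for event in scan(tmp):
            print(*event, sep="\t")
```

The host and date come from the directory path rather than from the log line, so the per-host tree written by rsyslog stays the source of truth for where an event was collected.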