On Fri, Apr 16, 2010 at 11:45 AM, David Miller david3d@gmail.com wrote:
I recently ran across the Octopussy project which looks interesting. I haven't tried it out yet though. Can't say that I like the url too much either. http://www.8pussy.org/doku.php -- David
On Fri, Apr 16, 2010 at 11:38 AM, rainer@ultra-secure.de wrote:
Hi
I am using rsyslog to get logs to a central box and they are stored in the format of
/<hostname>/<year>/<month>/<day>/<logfilename>
I need a solution that can trawl through these directories and pick up exceptions like failed logons and sudo usage that sort of thing.
Has anyone got any clues as to what might help to achieve this, I am looking into logsurfer but not sure if this handles the directory structure nicely.
thanks for any tips
Good question. How many servers do you have to collect logs from?
I'd like to hear of people who have used both Splunk and/or prelude in an environment with, say, 500<x<1000 servers, for collection of logs and can voice a few opinions.
The problem, as the author recognizes, is not collection but retrieval and processing (a cron-job that deletes them periodically does not qualify as "processing"...).
Rainer
Doh sorry for the top post. Need to pay more attention to that with gmail. -- David
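An added example, not part of the original thread: one way to walk the `/<hostname>/<year>/<month>/<day>/<logfilename>` layout described in the question and flag failed logons and sudo usage. The sshd and sudo message formats, the rule names and the sample log lines are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed message formats: the usual OpenSSH and sudo syslog lines.
RULES = {
    "failed_logon": re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)"),
    "sudo_use": re.compile(r"sudo:\s+(\S+) : .*COMMAND=(.+)$"),
}

# Constructed sample lines (not real data), keyed by path in the post's layout.
SAMPLE = {
    "web01/2010/04/16/secure": [
        "Apr 16 10:58:01 web01 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2",
        "Apr 16 11:02:13 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/secure",
        "Apr 16 11:05:40 web01 sshd[2290]: Accepted publickey for alice from 192.0.2.20 port 40022 ssh2",
    ],
    "db02/2010/04/15/secure": [
        "Apr 15 03:14:07 db02 sshd[901]: Failed password for root from 192.0.2.10 port 40111 ssh2",
    ],
}

def build_sample(root):
    """Write the constructed sample tree under root."""
    for rel, lines in SAMPLE.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("\n".join(lines) + "\n")

def scan_tree(root):
    """Return (host, date, logfile, rule, captured fields) for every matching line."""
    hits = []
    for path in sorted(Path(root).glob("*/*/*/*/*")):
        if not path.is_file():
            continue
        host, year, month, day = path.relative_to(root).parts[:4]
        with path.open(errors="replace") as fh:
            for line in fh:
                for name, rx in RULES.items():
                    m = rx.search(line.rstrip("\n"))
                    if m:
                        hits.append((host, f"{year}-{month}-{day}", path.name, name, m.groups()))
    return hits

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for hit in scan_tree(tmp):
            print(*hit, sep="\t")
```

Taking the host and date from the path rather than from the log line keeps the attribution tied to where rsyslog filed the message.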