On 16-04-2010 16:38, rainer@ultra-secure.de wrote:
Hi
I am using rsyslog to get logs to a central box and they are stored in the format of
/<hostname>/<year>/<month>/<day>/<logfilename>
I need a solution that can trawl through these directories and pick up exceptions like failed logons and sudo usage, that sort of thing.
Has anyone got any clues as to what might help to achieve this? I am looking into logsurfer but not sure if this handles the directory structure nicely.
Thanks for any tips
Good question. How many servers do you have to collect logs from?
I'd like to hear from people who have used both Splunk and/or Prelude in an environment with, say, 500<x<1000 servers, for collection of logs and can voice a few opinions.
I've recently set up syslog-ng to collect syslog from about 60 machines (and counting), don't know if I'll reach there.
I'd like to know of good Free Software replacement(s) for Splunk, oriented to log analysis, if anyone can speak of any.
Right now, another absolutely crappy solution from a famous 3-letter-acronym company is being used, even though the users would prefer Splunk.
I'd like to show off something about as good as Splunk for log analysis.
Rui
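Added example, not from anyone in the thread: a small scanner of the kind the original question asks for. It walks the /<hostname>/<year>/<month>/<day>/<logfile> layout and flags failed logons and sudo usage; the sample log lines are constructed, and the regexes assume stock sshd, PAM and sudo syslog formats.

```python
import os
import re
import tempfile

# Event classes the thread asks about; regexes assume stock sshd / PAM / sudo syslog formats.
PATTERNS = {
    "failed_logon": re.compile(r"Failed password for|authentication failure"),
    "sudo": re.compile(r" sudo:\s+\S+ : .*COMMAND="),
}

def scan_tree(root):
    """Walk root/<hostname>/<year>/<month>/<day>/<logfile>; return (host, YYYY-MM-DD, kind, line)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root).split(os.sep)
        if len(rel) != 4:            # only host/year/month/day leaves hold log files
            continue
        host, date = rel[0], "-".join(rel[1:])
        for name in sorted(files):
            with open(os.path.join(dirpath, name), errors="replace") as fh:
                for line in fh:
                    for kind, rx in PATTERNS.items():
                        if rx.search(line):
                            hits.append((host, date, kind, line.rstrip("\n")))
                            break    # one classification per line
    return hits

# Constructed sample logs (not real data) laid out in the same directory scheme.
SAMPLE = {
    ("web01", "2010/04/16", "auth.log"): [
        "Apr 16 16:38:01 web01 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2",
        "Apr 16 16:38:05 web01 sshd[2212]: Accepted publickey for rui from 192.0.2.20 port 4030 ssh2",
        "Apr 16 16:40:12 web01 sudo:   rui : TTY=pts/0 ; PWD=/home/rui ; USER=root ; COMMAND=/bin/cat /var/log/auth.log",
    ],
    ("db01", "2010/04/15", "messages"): [
        "Apr 15 09:01:00 db01 login[4433]: pam_unix(login:auth): authentication failure; uid=0 tty=tty1 user=oracle",
    ],
}

def build_sample_tree(root):
    for (host, ymd, name), lines in SAMPLE.items():
        leaf = os.path.join(root, host, *ymd.split("/"))
        os.makedirs(leaf, exist_ok=True)
        with open(os.path.join(leaf, name), "w") as fh:
            fh.write("\n".join(lines) + "\n")

def demo():
    root = tempfile.mkdtemp()    # scratch tree; point scan_tree at the real rsyslog root instead
    build_sample_tree(root)
    return scan_tree(root)
```

Running `demo()` returns three hits: two failed logons (web01 sshd, db01 PAM) and one sudo command on web01; the accepted-publickey line is ignored.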