[CentOS] Logserver recommendations

Fri Apr 16 15:45:59 UTC 2010
David Miller <david3d at gmail.com>

I recently ran across the Octopussy project, which looks interesting. I
haven't tried it out yet, though. Can't say that I like the URL too much
either. http://www.8pussy.org/doku.php
--
David

On Fri, Apr 16, 2010 at 11:38 AM, <rainer at ultra-secure.de> wrote:

> > Hi
> >
> > I am using rsyslog to get logs to a central box and they are stored in the
> > format of
> >
> > /<hostname>/<year>/<month>/<day>/<logfilename>
> >
> > I need a solution that can trawl through these directories and pick up
> > exceptions like failed logons and sudo usage that sort of thing.
> >
> > Has anyone got any clues as to what might help to achieve this? I am
> > looking into logsurfer but not sure if this handles the directory structure
> > nicely.
> >
> > Thanks for any tips
>
> Good question.
> How many servers do you have to collect logs from?
>
> I'd like to hear of people who have used both Splunk and/or prelude in an
> environment with, say, 500<x<1000 servers, for collection of logs and can
> voice a few opinions.
>
> The problem, as the author recognizes, is not collection but retrieval and
> processing (a cron-job that deletes them periodically does not qualify as
> "processing"...).
>
>
>
> Rainer
>
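
An added example, not part of the original thread: a minimal scanner for the `/<hostname>/<year>/<month>/<day>/<logfilename>` layout described in the quoted question, reporting failed sshd password logons and sudo command usage. The function names `scan` and `demo`, the two patterns, and all sample hosts, users and addresses are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# sshd and sudo message formats as they appear in syslog output.
PATTERNS = {
    "failed_logon": re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"),
    "sudo": re.compile(r"sudo(?:\[\d+\])?: +(?P<user>\S+) : .*COMMAND=(?P<cmd>.*)"),
}

def scan(root):
    """Walk <root>/<hostname>/<year>/<month>/<day>/<logfilename>; return matches."""
    events = []
    for path in sorted(Path(root).glob("*/*/*/*/*")):  # host/year/month/day/file
        if not path.is_file():
            continue
        host, year, month, day, name = path.relative_to(root).parts
        with path.open(errors="replace") as fh:
            for line in fh:
                for kind, rx in PATTERNS.items():
                    m = rx.search(line)
                    if m:
                        events.append({"host": host, "date": f"{year}-{month}-{day}",
                                       "file": name, "kind": kind, **m.groupdict()})
    return events

# Constructed sample lines (hostnames, users and addresses are made up).
SAMPLE = {
    "web01/2010/04/16/secure": (
        "Apr 16 11:02:13 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51514 ssh2\n"
        "Apr 16 11:02:20 web01 sshd[2213]: Accepted password for alice from 198.51.100.4 port 40022 ssh2\n"
        "Apr 16 11:05:40 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/secure\n"),
    "db02/2010/04/15/secure": (
        "Apr 15 23:59:01 db02 sshd[910]: Failed password for root from 203.0.113.7 port 51999 ssh2\n"),
    "db02/2010/04/15/messages": "Apr 15 23:00:00 db02 kernel: eth0: link up\n",
}

def demo():
    """Build the sample tree in a temp dir, scan it, return the events."""
    with tempfile.TemporaryDirectory() as root:
        for rel, text in SAMPLE.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text)
        return scan(root)

if __name__ == "__main__":
    for event in demo():
        print(event)
```

Because host and date come from the path rather than the line, the output can be grouped per server or per day without parsing syslog timestamps.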