Em 16-04-2010 16:38, rainer at ultra-secure.de escreveu: >> Hi >> >> I am using rsyslog to get logs to a central box and they are stored in the >> format of >> >> /<hostname>/<year>/<month>/<day>/<logfilename> >> >> I need a solution that can trawl through these directories and pick up >> exceptions like failed logons and sudo usage that sort of thing. >> >> Has anyone got any clues as to what might help to achieve this, i am >> looking >> into logsurfer but not sure if this handles the directory structure >> nicely. >> >> thanks for any tips > > Good question. > How many servers do you have to collect logs from? > > I'd like to hear of people who have used both Splunk and/or prelude in an > environment with, say, 500<x<1000 servers, for collection of logs and can > voice a few opinions. I've recently set up syslog-ng to collect syslog from about 60 machines (and counting), don't know if I'll reach there. I'd like to know of good Free Software replacement(s) for Splunk, oriented to log analysis, if anyone can speak of any. Right now, another absolutely crappy solution from a famous 3-letter-acronym company is being used, even though the users would prefer Splunk. I'd like to show off something about as good as Splunk for log analysis. Rui