I recently ran across the Octopussy project which looks interesting. I haven't tried it out yet though. Can't say that I like the URL too much either.

http://www.8pussy.org/doku.php

--
David

On Fri, Apr 16, 2010 at 11:38 AM, <rainer at ultra-secure.de> wrote:

> > Hi
> >
> > I am using rsyslog to get logs to a central box and they are stored in
> > the format of
> >
> > /<hostname>/<year>/<month>/<day>/<logfilename>
> >
> > I need a solution that can trawl through these directories and pick up
> > exceptions like failed logons and sudo usage that sort of thing.
> >
> > Has anyone got any clues as to what might help to achieve this, I am
> > looking into logsurfer but not sure if this handles the directory
> > structure nicely.
> >
> > thanks for any tips
>
> Good question.
> How many servers do you have to collect logs from?
>
> I'd like to hear of people who have used both Splunk and/or prelude in an
> environment with, say, 500<x<1000 servers, for collection of logs and can
> voice a few opinions.
>
> The problem, as the author recognizes, is not collection but retrieval and
> processing (a cron-job that deletes them periodically does not qualify as
> "processing"...).
>
> Rainer
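
Added example, not part of the original thread and not code from any of the tools named in it: a minimal scan of the /<hostname>/<year>/<month>/<day>/<logfilename> layout described above for failed logons and sudo usage. The regexes assume stock OpenSSH and sudo syslog message formats, and the sample tree is constructed.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Assumed message formats: stock OpenSSH and sudo syslog lines.
RULES = {
    "failed_logon": re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"),
    "sudo": re.compile(r"sudo: +(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$"),
}

# Constructed sample data, laid out as <hostname>/<year>/<month>/<day>/<logfilename>.
SAMPLE = {
    "web01/2010/04/16/secure":
        "Apr 16 10:01:02 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 4022 ssh2\n"
        "Apr 16 10:01:05 web01 sshd[2213]: Failed password for invalid user admin from 192.0.2.10 port 4023 ssh2\n"
        "Apr 16 10:02:40 web01 sshd[2220]: Accepted publickey for alice from 198.51.100.7 port 5122 ssh2\n"
        "Apr 16 10:03:11 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/yum update\n",
    "db01/2010/04/15/secure":
        "Apr 15 23:59:01 db01 sshd[901]: Failed password for bob from 203.0.113.5 port 3301 ssh2\n",
}

def build_sample(root):
    for rel, text in SAMPLE.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

def scan(root):
    """Yield (host, date, logfile, rule, fields) for each matching line under root."""
    root = Path(root)
    for path in sorted(p for p in root.glob("*/*/*/*/*") if p.is_file()):
        host, year, month, day, name = path.relative_to(root).parts
        with path.open(errors="replace") as fh:
            for line in fh:
                for rule, rx in RULES.items():
                    m = rx.search(line)
                    if m:
                        yield host, f"{year}-{month}-{day}", name, rule, m.groupdict()

def summarize(root):
    return Counter((h, d, r) for h, d, _, r, _ in scan(root))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(sorted(summarize(tmp).items()))
```

Because host and date come from the path rather than the log line, the per-host, per-day counts stay correct even when the syslog timestamp omits the year.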