
Hey skunks

What are the best syslog servers or apps for a busy network? I need the comparisons. I'm checking out Splunk, syslog-ng, rsyslog, Kiwi Syslog. Some info on this...

-- Conservatism is the adherence to the old tried against the new untried.

On Tue, Jun 14, 2011 at 16:10, TheMburu George <themburu@gmail.com> wrote:

Hi George,

Just choose one and go with it. Even the good old syslogd (native to most Unixes) can do the job too. What matters is what you want to do with the logs ultimately. Rather than run around, go with syslog-ng and be happy.

-- Best regards, Odhiambo WASHINGTON, Nairobi, KE +254733744121/+254722743223
I can't hear you -- I'm using the scrambler. Please consider the environment before printing this email.

Hi Wash

I have opted to try all including OSSIM except for Kiwi. Then benchmark them. Hope I have the patience.

./TheMburu

-- Conservatism is the adherence to the old tried against the new untried.

_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

Last I checked, Splunk has limited functions unless you purchase, right? I analyze syslogs natively; hope you'll give us a comprehensive report once you're done testing most of those apps.

-- Regards, David Njuki @njukey [Google, Twitter, Yahoo]

On Tue, Jun 14, 2011 at 16:54, TheMburu George <themburu@gmail.com> wrote:
Hope I have the patience.

When you've got the time and the oil to burn - why not? The patience is easy to come by, since you've the former two.

-- Best regards, Odhiambo WASHINGTON, Nairobi, KE +254733744121/+254722743223
I can't hear you -- I'm using the scrambler. Please consider the environment before printing this email.

On 6/14/11 4:27 PM, Odhiambo Washington wrote:
Rather than run around, go with syslog-ng and be happy.

+1 for syslog-ng - lots of customization that can be done with it. You can for instance create different log files for the various devices on your network, storage based on date and time stamps, i.e. have a folder for 2010, 2011, and inside for Jan, April, May, and inside dates... etc. Lots of options.

HTH,
Michuki.
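As an added example (not from Michuki's message or anyone else in this thread), here is a syslog-ng configuration that does what he describes: one log tree per sending device, split into year/month/day directories. The listen addresses, ports, file paths, certificate locations and the @version line are assumptions for illustration; adjust them to your install. It also shows the two things a practitioner would want next to that layout: a TLS listener with client-certificate verification for hosts that can do it, and hostname handling that names the directory after the connection's peer address rather than whatever hostname the device writes into the message.

```conf
@version: 3.22

options {
    # With keep-hostname(no) and use-dns(no), $HOST is the sender's
    # IP address as seen on the socket, not the hostname string carried
    # inside the message. A device (or an attacker on it) therefore
    # cannot choose which directory its lines land in.
    keep-hostname(no);
    use-dns(no);
    chain-hostnames(no);
    create-dirs(yes);
};

# Plain syslog over UDP/514 for legacy devices that can do nothing else.
# UDP is lossy and its source address is trivially spoofed, so keep this
# listener for the devices that need it and firewall it to their subnets.
source s_udp {
    network(ip("0.0.0.0") port(514) transport("udp"));
};

# Syslog over TLS (assumed port 6514 and assumed certificate paths).
# peer-verify(required-trusted) rejects any client whose certificate is
# not signed by a CA in ca-dir, so a rogue box cannot inject log lines.
source s_tls {
    network(ip("0.0.0.0") port(6514) transport("tls")
        tls(key-file("/etc/syslog-ng/tls/server.key")
            cert-file("/etc/syslog-ng/tls/server.crt")
            ca-dir("/etc/syslog-ng/tls/ca.d")
            peer-verify(required-trusted)));
};

# One file per host, under /var/log/remote/<host>/<year>/<month>/<day>/.
# create-dirs(yes) makes each day's directory on first use; perm and
# dir-perm keep the tree readable only by root and the adm group.
destination d_per_host {
    file("/var/log/remote/$HOST/$YEAR/$MONTH/$DAY/messages.log"
        create-dirs(yes)
        owner("root") group("adm") perm(0640) dir-perm(0750)
        template("$ISODATE $HOST $MSGHDR$MSG\n"));
};

log {
    source(s_udp);
    source(s_tls);
    destination(d_per_host);
};
```

Check the file before reloading with `syslog-ng --syntax-only -f /etc/syslog-ng/syslog-ng.conf`; the ca-dir directory must hold the CA certificates under their hash names (run `c_rehash` on it) or every TLS client will be refused. If you do want the device's own hostname in the path, set keep-hostname(yes), but then treat the directory name as untrusted input supplied by the device.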

Seems like syslog-ng is the way to go, though also looking at OSSIM.

./TheMburu

-- Conservatism is the adherence to the old tried against the new untried.

Is this OSSIM that app from Alien Vault? Then I guess you need much more than just "logging" and analysis.

-- Best regards, Odhiambo WASHINGTON, Nairobi, KE +254733744121/+254722743223
I can't hear you -- I'm using the scrambler. Please consider the environment before printing this email.
participants (4)
- David Njuki
- Michuki Mwangi
- Odhiambo Washington
- TheMburu George