I've tried quite a few solutions. And the solution that works for engineers
who know linux and text parsing, is often ill-suited to many operations
folks.
I have to admit, Splunk is nice and I prefer it, but the price is
outrageous. If I'm logging from 500 routers/switches, I can likely get away
On 10/04/2011 01:33 AM, Brian Spade wrote:
> When is [OpenNMS] 1.10 going to be released?
When it's done :)
Most likely this month. The unit tests are failing right now:
http://bamboo.internal.opennms.com:8085/
But that means that we know where t
've used a small scale version to collect security
> events - log on, log off, etc...?
>
> -Original Message-
> From: Harry Hoffman [mailto:hhoff...@ip-solutions.net]
> Sent: Friday, September 30, 2011 6:56 AM
> To: nanog@nanog.org
> Subject: Re: events
>
>
-
From: Harry Hoffman [mailto:hhoff...@ip-solutions.net]
Sent: Friday, September 30, 2011 6:56 AM
To: nanog@nanog.org
Subject: Re: events
It's a bit old but still works well. Russel Fulton and I worked on this when I
was down in NZ.
You still need to run syslog-ng but this allows you
+1 for SEC, minimal hit on the cpu like most parsing tools, the regexp
can be painful but it is fairly extensible. Once you get used to it
you'll love it.
On 10/04/2011 05:58 AM, Ben Roeder wrote:
Hi Mike,
We have used octopussy ( http://www.8pussy.org/dokuwiki/doku.php?id=home yes
it is wo
8pussy.org ?
--
Leigh Porter
On 4 Oct 2011, at 10:59, "Ben Roeder" wrote:
> Hi Mike,
> We have used octopussy ( http://www.8pussy.org/dokuwiki/doku.php?id=home yes
> it is work safe :-) ) with ok results.
> Have used sec ( simple event correlator http://simple-evcorr.sourceforge.net/
> ) t
Hi Mike,
We have used octopussy ( http://www.8pussy.org/dokuwiki/doku.php?id=home yes
it is work safe :-) ) with ok results.
Have used sec ( simple event correlator http://simple-evcorr.sourceforge.net/ )
to some success in simple cases.
Currently having another look at this myself and the foll
Jeff,
When is 1.10 going to be released?
thx,
/bs
On Fri, Sep 30, 2011 at 11:53 AM, Jeff Gehlbach wrote:
>
> On 09/30/2011 09:50 AM, harbor235 wrote:
>
> > Solarwinds, splunk, fwanalog, and others come to mind, any other good ones
> > out the
On Fri, Sep 30, 2011 at 2:44 PM, Ukpong Ukpong wrote:
> Have you tried qradar? It's rather good
I've used Splunk and QRadar; both are available as free VMware
appliances with limitations on log volume, sufficient for testing. Or
if you're mostly looking at webserver/proxy/firewall logs, Sawmil
essages
we want, it's pretty hands off, I'm sure you could fine tune it further...
But I hear that solarwinds NPM has syslog built into it, so I'm thinking of
going with one product that covers it all
> Subject: Re: events
> From: ja...@lixfeld.ca
> Date: Fri, 30 S
On 09/30/2011 09:50 AM, harbor235 wrote:
> Solarwinds, splunk, fwanalog, and others come to mind, any other good ones
> out there?
We've made some great strides in OpenNMS in the area of syslog event
processing. The upcoming 1.10 release will be muc
Have you tried qradar? It's rather good
On 30 Sep 2011, at 19:21, Jason Lixfeld wrote:
> On 2011-09-30, at 2:13 PM, Brandon Kim wrote:
>
>> I've been happy with my basic ManageEngine's syslog, but I may be looking at
>> Solarwinds too...
>
> I've just installed the Splunk eval myself, but I'm
M
To: mlof...@wgops.com
Cc: nanog group
Subject: RE: events
Thank you! That's a bummer about the way they license their product.
All it takes is another "splunk" company to come out with something just as
competitive
I've been happy with my basic ManageEngine's syslog, but
On 2011-09-30, at 2:13 PM, Brandon Kim wrote:
> I've been happy with my basic ManageEngine's syslog, but I may be looking at
> Solarwinds too...
I've just installed the Splunk eval myself, but I'm curious about your
ManageEngine experiences. I don't have any interest in using ManageEngine as
e: Fri, 30 Sep 2011 11:36:58 -0600
> Subject: Re: events
> From: mlof...@wgops.com
> To: brandon@brandontek.com
> CC: pfu...@gmail.com; harbor...@gmail.com; nanog@nanog.org
>
> On Fri, Sep 30, 2011 at 11:21 AM, Brandon Kim
> wrote:
> >
> > Is it really that
On Fri, Sep 30, 2011 at 11:21 AM, Brandon Kim
wrote:
>
> Is it really that expensive, and WORTH the expense?
IMO, from price quotes I've gotten in the past, it's astronomically
expensive. As for worth it...depends. If you're dealing with events
for say payment processing systems, it might be.
Use Splunk here.
Cheers,
RR
On Fri, Sep 30, 2011 at 9:50 AM, harbor235 wrote:
> What is everyone using to collect, alert, and analyze syslog data?
> I am looking for something that can generate reports as well as support
> multiple vendors. We have done some home grown stuff in the past but
> w
Is it really that expensive, and WORTH the expense?
> Date: Fri, 30 Sep 2011 10:37:22 -0600
> Subject: Re: events
> From: pfu...@gmail.com
> To: harbor...@gmail.com
> CC: nanog@nanog.org
>
> We use splunk, works ok except with the amount of text data you can
> pro
We use splunk, works ok except with the amount of text data you can
process with it (depends on license).
-B
On Fri, Sep 30, 2011 at 7:50 AM, harbor235 wrote:
> What is everyone using to collect, alert, and analyze syslog data?
> I am looking for something that can generate reports as well as sup
I've been testing ManageEngine's Syslog application. It works pretty good so
far, I haven't really hammered it with a lot of devices.
Splunk is supposed to be king of the hill I hear, but so is their pricing.
> Date: Fri, 30 Sep 2011 09:50:29 -0400
> Subject: events
> From: harbor...@gma
It's a bit old but still works well. Russel Fulton and I worked on this
when I was down in NZ.
You still need to run syslog-ng but this allows you to ignore, warn,
alert on logs via regex.
http://www.ip-solutions.net/syslog-ng/
Cheers,
Harry
On 09/30/2011 09:50 AM, harbor235 wrote:
Wha
21 matches