Welcome to the SecAware blog

I spy with my beady eye ...

9 May 2006

Google for logs

A log collation and analysis utility called Splunk (tagline "take the SH out of IT") looks like a cool solution for those who need to manage security logs from multiple sources (e.g. Apache, IIS, Windows event logs etc.). Suck all your logs into the database on a convenient spare Linux, Solaris, FreeBSD or Mac OS server, and search the whole lot through a Google-like front end. Look for strange events and unusual patterns. Sift the wheat from the chaff. It's a boon for small businesses with budgetarily-challenged sysadmins, since it's free for up to 500 Mb of logs per day. The extended Pro versions look neat too for grown-up enterprises, not least because there's a wiki with answers from the user community to "What's that in my log?"-type questions (a great idea for other software vendors - hint hint). The Splunk FAQ hints at the limitations of alternatives such as syslog-ng, although the Windows-based Kiwi Syslog concentrator strangely doesn't merit a mention.
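As an added illustration of the collate-then-search idea described above (example code written for this post, not Splunk's own software): a small Python collator that normalises constructed Apache and Windows-event sample lines into common fields, offers Google-style free-text search over them, and flags hosts with repeated authentication failures across both sources. The field names, regexes and sample lines are all assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample lines (not real data): Apache combined-log entries and a
# simplified Windows Security event export, two of the sources named in the post.
APACHE = """\
10.0.0.5 - - [09/May/2006:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [09/May/2006:10:01:05 +0000] "GET /admin HTTP/1.1" 401 0
10.0.0.9 - - [09/May/2006:10:01:06 +0000] "GET /admin HTTP/1.1" 401 0
10.0.0.9 - - [09/May/2006:10:01:07 +0000] "GET /admin HTTP/1.1" 401 0
"""
WINEVT = """\
2006-05-09 10:02:00 Security 529 Logon Failure User=bob Workstation=WS1 Source=10.0.0.9
2006-05-09 10:02:30 Security 528 Successful Logon User=alice Workstation=WS2 Source=10.0.0.5
"""

APACHE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')
WINEVT_RE = re.compile(r'^(\S+ \S+) (\S+) (\d+) (.*?) (\w+=.*)$')

def parse_apache(line):
    """Map one Apache access-log line onto the common record layout."""
    m = APACHE_RE.match(line)
    if not m:
        return None
    return {"source": "apache", "time": m.group(2), "host": m.group(1),
            "status": m.group(4), "text": line.rstrip()}

def parse_winevt(line):
    """Map one Windows event line onto the same layout; host comes from Source=."""
    m = WINEVT_RE.match(line)
    if not m:
        return None
    kv = dict(p.split("=", 1) for p in m.group(5).split())
    return {"source": "windows", "time": m.group(1), "host": kv.get("Source", "?"),
            "status": m.group(3), "text": line.rstrip()}

def collate(apache_text, winevt_text):
    """Normalise both feeds into one list of records with common field names."""
    recs = [parse_apache(l) for l in apache_text.splitlines()]
    recs += [parse_winevt(l) for l in winevt_text.splitlines()]
    return [r for r in recs if r]

def search(records, term):
    """Google-style free-text search: case-insensitive substring over the raw line."""
    return [r for r in records if term.lower() in r["text"].lower()]

def noisy_hosts(records, threshold=3):
    """Flag hosts with at least `threshold` auth failures (HTTP 401 or event 529)."""
    fails = Counter(r["host"] for r in records if r["status"] in ("401", "529"))
    return {h: n for h, n in fails.items() if n >= threshold}
```

Because both sources share the `host` field, the failure count for 10.0.0.9 combines the web 401s and the Windows logon failure, which is the cross-source view a single-log grep cannot give.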
More security links for IT Ops
