Re: FREE SYSADMIN SEARCH TOOL

From: Marcel Edward Verhagen (marcel_at_meverhagen.coim)
Date: 10/20/05


Date: Thu, 20 Oct 2005 17:44:57 +0200

rachel dafny wrote:
> I see some big confusions from your post. Splunk is not related to
> Google and does not attract people to abuse errors! Your logs are
> indexed locally on your own secure machines and not visible to the
> world. Splunk does not throw your logs into one file, as you said.
> Every source is kept separate, but each is indexed and searchable in
> seconds. Linux servers can have many dozens of log files and with many
> machines the number of files can escalate and become unmanageable for a
> human to reasonably find what is wrong, and by hand correlate all the
> timestamps. If you wanted to search 100 log files across 20 servers,
> totaling 20GB of log files, finding everything that happened at 1:15am
> is very, very hard and time consuming. With splunk it happens within a
> few seconds. You can also ask it to sort your results by how
> unexpected the event was, so you can say 'show me anything very
> unexpected around 1:14am'.
>
> http://www.splunk.com?ac=kilroy
>

Ok. I think you're correct on most of it.
Every application has got its own logs, and every log has got its own
format. Some logs are placed in databases or in some sort of archive.
A datestamp is only added if the time is interesting for the specific
application.

Most of the content of the logs, approximately 99.9%, is never
viewed anyway. The log entries which do matter are saved in an email format
and sent to the root user.

Marcel
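The problem both posts circle around, pulling every event from a given minute out of several log files that each use a different timestamp format (and some lines with no timestamp at all), is small enough to show in code. The script below is an added example for this thread; it is not Splunk's code and not anything either poster wrote. The three log excerpts are constructed for illustration, the year for the syslog lines (which carry none) is an assumed parameter, and the Apache "+0200" offset is dropped on the assumption that all hosts log in the same local zone; on a real estate you would normalise to UTC first.

```python
"""Time-window correlation across differently formatted log files.

Added example, not code from the thread or from Splunk. The three log
excerpts below are constructed for illustration. Assumptions: every host
writes local time in the same zone (so the Apache "+0200" offset is
dropped rather than converted), and the year for syslog lines, which
carry none, is supplied by the caller.
"""
import re
from datetime import datetime, timedelta

# Constructed sample logs: syslog (no year), Apache access log, and an
# application log whose second line carries no timestamp at all.
SYSLOG = """\
Oct 20 01:14:02 web1 sshd[2231]: Failed password for root from 10.0.0.7 port 50122 ssh2
Oct 20 01:14:05 web1 sshd[2231]: Failed password for root from 10.0.0.7 port 50123 ssh2
Oct 20 01:40:00 web1 CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)
"""
APACHE = """\
10.0.0.7 - - [20/Oct/2005:01:15:10 +0200] "GET /admin.php HTTP/1.1" 404 209
10.0.0.9 - - [20/Oct/2005:02:00:00 +0200] "GET /index.html HTTP/1.1" 200 1043
"""
APPLOG = """\
2005-10-20 01:15:30 ERROR db connection lost
starting worker pool
2005-10-20 01:16:40 INFO db connection restored
"""

# Per-format timestamp extractor: (regex with a 'ts' group, strptime format,
# whether the format omits the year). Add an entry here for each new format.
FORMATS = {
    "syslog": (re.compile(r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "),
               "%b %d %H:%M:%S", True),
    "apache": (re.compile(r"\[(?P<ts>\d\d/[A-Z][a-z]{2}/\d{4}:\d\d:\d\d:\d\d) [+-]\d{4}\]"),
               "%d/%b/%Y:%H:%M:%S", False),
    "app":    (re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "),
               "%Y-%m-%d %H:%M:%S", False),
}


def parse_source(name, fmt, text, year):
    """Return (timestamp, source, line, inherited) tuples for one log file.

    A line without a recognisable timestamp inherits the previous line's
    stamp and is flagged inherited=True, so it still lands in the right
    window but can be told apart from a genuinely stamped entry. Unstamped
    lines before the first stamped one are dropped: nothing to correlate on.
    """
    regex, strp, needs_year = FORMATS[fmt]
    entries, last_ts = [], None
    for line in text.splitlines():
        m = regex.search(line)
        if m:
            if needs_year:
                last_ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y " + strp)
            else:
                last_ts = datetime.strptime(m.group("ts"), strp)
            entries.append((last_ts, name, line, False))
        elif last_ts is not None:
            entries.append((last_ts, name, line, True))
    return entries


def around(entries, center, window):
    """All entries within +/- window of center, ordered by time then source."""
    lo, hi = center - window, center + window
    return sorted((e for e in entries if lo <= e[0] <= hi),
                  key=lambda e: (e[0], e[1]))


def report(entries):
    """One line per entry; '~' marks a timestamp inherited from the line above."""
    return "\n".join(f"{ts:%H:%M:%S} {'~' if inh else ' '} {src:<11} {line}"
                     for ts, src, line, inh in entries)


def demo(year=2005):
    """Correlate the three constructed logs around 01:15 (+/- 2 minutes)."""
    everything = (parse_source("web1/syslog", "syslog", SYSLOG, year)
                  + parse_source("web1/apache", "apache", APACHE, year)
                  + parse_source("app1/app", "app", APPLOG, year))
    return around(everything, datetime(year, 10, 20, 1, 15), timedelta(minutes=2))


if __name__ == "__main__":
    print(report(demo()))
```

Running it prints the six entries that fall between 01:13 and 01:17 in one time-ordered view: two failed root logins from sshd, the 404 on /admin.php from the same client a minute later, and the application's database error, with the unstamped "starting worker pool" line carried along under the stamp of the line before it. Everything outside the window (the cron run, the 02:00 request) is left out. The FORMATS table is the part that grows on a real system, one regex and strptime pattern per distinct log format, which is exactly the per-application format sprawl the reply above complains about.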


