Date: Wed, 4 Jan 2006 09:46:22 +0100
We're using this: http://www.cert.dfn.de/eng/logsurf/ for processing the
syslog input from some 450 systems. It works well since we replaced the
E450 loghost by a dual Xeon 2.8 with 2 GB RAM.
I think it needs quite a bit of configuration, and some attention
occasionally. But our expert for this tool can do wonderful things with
it, like sending us just a single mail for events that produce many log
messages (breaking hard drives), or detecting brute force attacks by
correlating failed login attempts from different systems.
Stephan
On Tue, 3 Jan 2006, Luke Scharf wrote:
> I've set up my nifty-new syslog server. However, logwatch just isn't
> cutting it since it strips off the hostname of the machine for each item
> it reports.
>
> Does anyone have any recommendation for log-analysis software where you
> have 20 machines dumping syslog data into one? (I may have as many as
> 130 machines at some point; the Windows syslog service on sourceforge
> looks intriguing.)
>
> Thanks,
> -Luke
>
>
--
----------------------------------------------------
| Stephan Wiesand | |
| | |
| DESY - DV - | phone +49 33762 7 7370 |
| Platanenallee 6 | fax +49 33762 7 7216 |
| 15738 Zeuthen | |
| Germany | |
----------------------------------------------------
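
The cross-host correlation mentioned in the reply above, sketched as an added example: this is not part of the original message and is not Logsurfer configuration. It assumes the loghost receives standard OpenSSH "Failed password" lines in classic syslog format; the sample log, hostnames, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed loghost sample: every line keeps the reporting hostname.
SAMPLE = """\
Jan  4 06:00:00 web01 sshd[100]: Failed password for bob from 203.0.113.5 port 30000 ssh2
Jan  4 07:00:00 db02 sshd[101]: Failed password for bob from 203.0.113.5 port 30001 ssh2
Jan  4 08:00:00 mail03 sshd[102]: Failed password for bob from 203.0.113.5 port 30002 ssh2
Jan  4 09:00:00 web01 sshd[103]: Failed password for bob from 203.0.113.5 port 30003 ssh2
Jan  4 09:40:01 web01 sshd[2211]: Failed password for root from 192.0.2.77 port 40112 ssh2
Jan  4 09:40:03 db02 sshd[918]: Failed password for invalid user admin from 192.0.2.77 port 40120 ssh2
Jan  4 09:40:09 web01 sshd[2214]: Failed password for alice from 198.51.100.9 port 51000 ssh2
Jan  4 09:40:20 web01 sshd[2215]: Failed password for alice from 198.51.100.9 port 51002 ssh2
Jan  4 09:41:10 mail03 sshd[77]: Failed password for root from 192.0.2.77 port 40133 ssh2
Jan  4 09:41:12 web01 sshd[2230]: Failed password for root from 192.0.2.77 port 40140 ssh2
Jan  4 09:45:00 db02 CRON[1200]: (root) CMD (run-parts /etc/cron.hourly)
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<src>\S+) port \d+")

def parse(text, year=2006):
    """Yield (timestamp, reporting_host, source_ip); syslog omits the year, so it is assumed."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"], m["src"]

def correlate(events, window=timedelta(minutes=5), min_hosts=3, min_failures=4):
    """One summary per source whose failures inside `window` span enough distinct hosts."""
    by_src = defaultdict(list)
    for ts, host, src in sorted(events):
        by_src[src].append((ts, host))
    alerts = {}
    for src, evs in by_src.items():
        start = 0
        for end, (ts, _) in enumerate(evs):
            while ts - evs[start][0] > window:   # slide the window forward
                start += 1
            hosts = {h for _, h in evs[start:end + 1]}
            if len(hosts) >= min_hosts and end - start + 1 >= min_failures:
                alerts[src] = {"hosts": sorted(hosts), "total_failures": len(evs)}
                break                             # a single alert per source, not one per line
    return alerts

if __name__ == "__main__":
    for src, info in correlate(parse(SAMPLE)).items():
        print(f"{src}: {info['total_failures']} failed logins across {', '.join(info['hosts'])}")
```

Only the source that fails against three hosts within five minutes is reported; the repeated mistyped password on one host and the slow hourly failures stay below the thresholds.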