SCIENTIFIC-LINUX-USERS Archives

January 2006

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Stephan Wiesand <[log in to unmask]>
Reply To: Stephan Wiesand <[log in to unmask]>
Date: Wed, 4 Jan 2006 09:46:22 +0100
Content-Type: TEXT/PLAIN
Parts/Attachments: TEXT/PLAIN (39 lines)

We're using this: http://www.cert.dfn.de/eng/logsurf/ for processing the 
syslog input from some 450 systems. It works well since we replaced the 
E450 loghost by a dual Xeon 2.8 with 2 GB RAM.

I think it needs quite a bit of configuration, and some attention 
occasionally. But our expert for this tool can do wonderful things with 
it, like sending us just a single mail for events that produce many log 
messages (breaking hard drives), or detecting brute force attacks by 
correlating failed login attempts from different systems.

Stephan

On Tue, 3 Jan 2006, Luke Scharf wrote:

> I've set up my nifty-new syslog server.  However, logwatch just isn't
> cutting it since it strips off the hostname of the machine for each item
> it reports.
>
> Does anyone have any recommendation for log-analysis software where you
> have 20 machines dumping syslog data into one?  (I may have as many as
> 130 machines at some point; the Windows syslog service on sourceforge
> looks intriguing.)
>
> Thanks,
> -Luke
>
>

-- 

  ----------------------------------------------------
| Stephan Wiesand  |                                |
|                  |                                |
| DESY     - DV -  | phone  +49 33762 7 7370        |
| Platanenallee 6  | fax    +49 33762 7 7216        |
| 15738 Zeuthen    |                                |
| Germany          |                                |
  ----------------------------------------------------
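
The cross-host correlation mentioned in the message above (failed logins from one source seen on several machines, reported once), as an added example that is not part of the original post and is not logsurfer configuration. The log lines, hostnames and addresses are constructed, and the 5-minute window, 3-host threshold and sshd message format are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Classic syslog line on a central loghost; the reporting hostname is kept.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<src>\S+)")

# Constructed sample input (documentation addresses, made-up hostnames).
SAMPLE = """\
Jan  4 09:40:01 node01 sshd[2101]: Failed password for root from 192.0.2.10 port 4022 ssh2
Jan  4 09:40:03 node02 sshd[1877]: Failed password for invalid user admin from 192.0.2.10 port 4031 ssh2
Jan  4 09:40:07 node01 sshd[2103]: Failed password for root from 198.51.100.7 port 5150 ssh2
Jan  4 09:41:15 node03 sshd[990]: Failed password for root from 192.0.2.10 port 4040 ssh2
Jan  4 09:41:20 node03 sshd[992]: Failed password for invalid user test from 192.0.2.10 port 4044 ssh2
Jan  4 09:55:00 node02 sshd[1901]: Failed password for root from 198.51.100.7 port 5161 ssh2
Jan  4 09:55:02 node01 sshd[2200]: Accepted password for alice from 198.51.100.7 port 5170 ssh2
"""

def correlate(lines, window=timedelta(minutes=5), min_hosts=3, year=2006):
    """One alert per source address that failed logins on at least
    min_hosts distinct hosts within window. Lines must be in time order."""
    recent = defaultdict(deque)  # src -> (time, host) pairs still inside the window
    alerts = {}                  # src -> single alert, updated instead of repeated
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src, host = m["src"], m["host"]
        q = recent[src]
        q.append((ts, host))
        while ts - q[0][0] > window:
            q.popleft()
        if src in alerts:        # already reported: fold into the existing alert
            alerts[src]["hosts"].add(host)
            alerts[src]["count"] += 1
        else:
            hosts = {h for _, h in q}
            if len(hosts) >= min_hosts:
                alerts[src] = {"src": src, "hosts": hosts, "count": len(q)}
    return list(alerts.values())

if __name__ == "__main__":
    for a in correlate(SAMPLE.splitlines()):
        print(f"{a['src']}: {a['count']} failed logins on {sorted(a['hosts'])}")
```

The second source in the sample fails on two hosts about fifteen minutes apart, so it stays below the threshold and produces no alert.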
