Date: Wed, 4 Jan 2006 09:43:42 -0500

That looks like what I had in mind.
Thanks!
-Luke
Stephan Wiesand wrote:
> We're using this: http://www.cert.dfn.de/eng/logsurf/ for processing the
> syslog input from some 450 systems. It works well since we replaced the
> E450 loghost by a dual Xeon 2.8 with 2 GB RAM.
>
> I think it needs quite a bit of configuration, and some attention
> occasionally. But our expert for this tool can do wonderful things with
> it, like sending us just a single mail for events that produce many log
> messages (breaking hard drives), or detecting brute force attacks by
> correlating failed login attempts from different systems.
>
> Stephan
>
> On Tue, 3 Jan 2006, Luke Scharf wrote:
>
>> I've set up my nifty-new syslog server. However, logwatch just isn't
>> cutting it since it strips off the hostname of the machine for each item
>> it reports.
>>
>> Does anyone have any recommendation for log-analysis software where you
>> have 20 machines dumping syslog data into one? (I may have as many as
>> 130 machines at some point; the Windows syslog service on sourceforge
>> looks intriguing.)
>>
>> Thanks,
>> -Luke
>>
>>
>
--
Luke Scharf, Systems Administrator
Virginia Tech Aerospace and Ocean Engineering
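
The cross-host correlation mentioned in the quoted reply (failed logins from one source reported by several machines), as an added example that is not part of the original messages and is not Logsurfer configuration. It is Python that keeps the reporting hostname from each line on the loghost. Assumptions: OpenSSH-style "Failed password" messages, a 5-minute window, a three-host threshold, constructed sample lines, and hypothetical function names.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in traditional syslog format as a central loghost
# would store them: timestamp, reporting hostname, program[pid]: message.
SAMPLE_LOG = """\
Jan  3 10:00:01 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 40001 ssh2
Jan  3 10:00:04 db01 sshd[913]: Failed password for invalid user admin from 192.0.2.10 port 40017 ssh2
Jan  3 10:00:09 mail01 sshd[4410]: Failed password for root from 192.0.2.10 port 40029 ssh2
Jan  3 10:00:12 web01 sshd[2215]: Failed password for luke from 198.51.100.7 port 51000 ssh2
Jan  3 10:00:15 web01 sshd[2219]: Accepted password for luke from 198.51.100.7 port 51002 ssh2
Jan  3 10:20:00 web01 sshd[2300]: Failed password for root from 203.0.113.5 port 33000 ssh2
Jan  3 10:45:00 db01 sshd[990]: Failed password for root from 203.0.113.5 port 33010 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse_failures(text, year=2006):
    """Yield (time, reporting_host, source_ip) for each failed sshd login."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            # Traditional syslog timestamps carry no year; supply one.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"], m["src"]

def correlate(text, window=timedelta(minutes=5), min_hosts=3):
    """Return {source_ip: sorted hosts} for sources that failed logins on at
    least min_hosts distinct machines within one sliding time window."""
    by_src = defaultdict(list)
    for ts, host, src in parse_failures(text):
        by_src[src].append((ts, host))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            hosts = {h for t, h in events[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts[src] = sorted(hosts)
                break
    return alerts

if __name__ == "__main__":
    for src, hosts in correlate(SAMPLE_LOG).items():
        print(f"{src}: failed logins on {len(hosts)} hosts: {', '.join(hosts)}")
```

Each alert names the source once together with the hosts that reported it, so a burst of failures yields a single summary rather than one item per log line.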