[122880] in North American Network Operators' Group
Re: log parsing tool?
daemon@ATHENA.MIT.EDU (Darren Bolding)
Mon Feb 22 17:35:02 2010
In-Reply-To: <f8bb772a1002221415s150a09e2k6a41cad8402237d6@mail.gmail.com>
Date: Mon, 22 Feb 2010 14:34:25 -0800
From: Darren Bolding <darren@bolding.org>
To: fedora fedora <fedorafans@gmail.com>
Cc: nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
SEC (Simplet Event Correlator) is a very effective tool for this, IMHO. I
am by no means an expert with it, but I know several people who are, and
while it is not as well known as splunk or some other tools, I have been
very impressed by the results I've seen using it.
As with any event correlation tool, there is a significant level of invested
effort required to make use of this.
http://simple-evcorr.sourceforge.net/
Below is a presentation about SEC.
http://www.occam.com/sa/CentralizedLogging2009.pdf
On Mon, Feb 22, 2010 at 2:15 PM, fedora fedora <fedorafans@gmail.com> wrote:
> Greetings,
>
> Anyone has good recommendations for an open-sourced log parsing and
> analyzing application? It will be used to work with syslog-ng and other
> general syslog and application logs.
>
> I have been looking at swatch and logwatch, but would like to find out if
> there are other good choices, thanks
>
> FD
>
--
-- Darren Bolding --
-- darren@bolding.org --
