[145325] in North American Network Operators' Group

Re: events

daemon@ATHENA.MIT.EDU (jeff murphy)
Tue Oct 4 11:52:15 2011

From: jeff murphy <jcmurphy@jeffmurphy.org>
In-Reply-To: <E36EB8E60B5EB244AAFCFEF0AF0A116D02FE359A81@MS-EX7MB-P03.corp.se.sempra.com>
Date: Tue, 4 Oct 2011 11:50:25 -0400
To: "Jones, Barry" <BEJones@semprautilities.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


http://code.google.com/p/eventlog-to-syslog/

On Oct 4, 2011, at 11:47 AM, Jones, Barry wrote:

> A sub question to this would be - is anyone using an app or client that will forward Windows OS events to said collector? I've seen Loglogic and others. Was just curious if you've used a small scale version to collect security events - log on, log off, etc...?
>
> -----Original Message-----
> From: Harry Hoffman [mailto:hhoffman@ip-solutions.net]
> Sent: Friday, September 30, 2011 6:56 AM
> To: nanog@nanog.org
> Subject: Re: events
>
> It's a bit old but still works well. Russel Fulton and I worked on this when I was down in NZ.
>
> You still need to run syslog-ng but this allows you to ignore, warn, alert on logs via regex.
>
> http://www.ip-solutions.net/syslog-ng/
>
> Cheers,
> Harry
>
> On 09/30/2011 09:50 AM, harbor235 wrote:
>> What is everyone using to collect, alert, and analyze syslog data?
>> I am looking for something that can generate reports as well as support
>> multiple vendors. We have done some home grown stuff in the past but
>> would be interested in something that incorporates all the best features.
>>
>> Solarwinds, splunk, fwanalog, and others come to mind, any other good ones
>> out there?
>>
>> Mike

