[ale] Alternative to splunk?

Jim Kinney jim.kinney at gmail.com
Fri Jun 6 12:49:26 EDT 2014


On Fri, Jun 6, 2014 at 10:39 AM, JD <jdp at algoloma.com> wrote:

> A presentation topic in the making?
> "Handling system logs for a site with fantastic query/deep dive facilities"
>

on a budget. That's a key phrase!

I need to keep original log files for HIPAA for at least one year. So
that's messages, secure, audit, maillog plus application logs from Oracle
and the custom software used. It's only 8 physical and 5 virtual machines
but it can mean up to 2G/day/system. And it _ALL_ has to be reviewed at
least monthly. I'm looking at statistical analysis of various parts to
point to anomalies for security issues.
Fred logs in daily around 9. Fred's account showed activity early one day
around 5. Talk to Fred.

>
> On 06/06/2014 10:11 AM, Jeremy T. Bouse wrote:
> > On 06.06.2014 09:25, Beddingfield, Allen wrote:
> >> One of my co-workers set up Logstash, but it seems to take a lot of
> >> care and feeding, and a lot of servers.  We are about to move that to
> >> Splunk.
> >> --
> >> Allen Beddingfield
> >> Systems Engineer
> >> The University of Alabama
> >>
> >
> > Not sure exactly what is meant by "care and feeding" but Logstash itself is
> > lightweight, the real storage and search is done via ElasticSearch. The more
> > ES servers the more distributed the searching power is and the more storage
> > your ES cluster has the more redundant and greater retention period you have.
> > I've actually written scripts that auto-snapshot off indexes daily and then
> > close & delete them after a specified retention period. Logstash stack pretty
> > much runs on auto-pilot at this point.



-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain


http://heretothereideas.blogspot.com/
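The "Fred logs in at 9, Fred's account was active at 5, talk to Fred" check above is a per-user hour-of-day baseline. The script below is an added example written for this archive page, not code from Jim, Jeremy or the ALE list. It parses the "Accepted ... for USER from SRC" lines sshd writes to /var/log/secure, builds each user's typical login hour from that user's other logins (leave-one-out, so an odd login does not pull its own baseline toward itself), and flags logins whose circular distance from that baseline is larger than a floor of two hours or three circular standard deviations, whichever is greater. The log lines, the host db1, the users fred and alice and the addresses are all constructed sample data, not real logs.

```python
import math
import re
from collections import defaultdict

# Constructed sample lines in the style of RHEL /var/log/secure (sshd).
# Not taken from any real system; fred's 05:07 password login from a new
# address on Jun 6 is the planted anomaly, the root line is a failure.
SAMPLE_SECURE_LOG = """\
Jun  2 09:02:11 db1 sshd[2011]: Accepted publickey for fred from 10.0.0.21 port 51012 ssh2
Jun  2 14:12:03 db1 sshd[2044]: Accepted publickey for alice from 10.0.0.30 port 49110 ssh2
Jun  3 08:58:40 db1 sshd[2098]: Accepted publickey for fred from 10.0.0.21 port 51020 ssh2
Jun  3 02:20:19 db1 sshd[2110]: Accepted publickey for alice from 10.0.0.30 port 49200 ssh2
Jun  4 09:10:27 db1 sshd[2201]: Accepted publickey for fred from 10.0.0.21 port 51044 ssh2
Jun  4 22:41:55 db1 sshd[2230]: Accepted publickey for alice from 10.0.0.30 port 49333 ssh2
Jun  5 09:05:02 db1 sshd[2310]: Accepted publickey for fred from 10.0.0.21 port 51071 ssh2
Jun  5 08:51:48 db1 sshd[2312]: Accepted publickey for fred from 10.0.0.21 port 51073 ssh2
Jun  5 07:30:00 db1 sshd[2320]: Accepted publickey for alice from 10.0.0.30 port 49400 ssh2
Jun  6 05:07:33 db1 sshd[2519]: Accepted password for fred from 10.0.0.77 port 40211 ssh2
Jun  6 09:15:09 db1 sshd[2560]: Accepted publickey for fred from 10.0.0.21 port 51102 ssh2
Jun  6 18:05:41 db1 sshd[2590]: Accepted publickey for alice from 10.0.0.30 port 49512 ssh2
Jun  6 09:11:00 db1 sshd[2600]: Failed password for root from 203.0.113.9 port 22222 ssh2
"""

# Matches only successful sshd logins; failures, sudo and cron lines are skipped.
LOGIN_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<hh>\d{2}):(?P<mm>\d{2}):(?P<ss>\d{2}) "
    r"(?P<host>\S+) sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_logins(text):
    """Return one dict per accepted login with the hour as a float (9:30 -> 9.5)."""
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue
        events.append({
            "user": m["user"],
            "hour": int(m["hh"]) + int(m["mm"]) / 60.0,
            "src": m["src"],
            "method": m["method"],
            "stamp": f'{m["mon"]} {m["day"]} {m["hh"]}:{m["mm"]}',
        })
    return events


def circular_baseline(hours):
    """Circular mean hour, circular std in hours and resultant length R for a 24h clock.

    Hours are mapped to angles so 23:30 and 00:30 average to 00:00, not 12:00.
    """
    n = len(hours)
    c = sum(math.cos(2 * math.pi * h / 24) for h in hours) / n
    s = sum(math.sin(2 * math.pi * h / 24) for h in hours) / n
    r = min(1.0, math.hypot(c, s))
    mean_hour = (math.atan2(s, c) * 24 / (2 * math.pi)) % 24
    if r >= 1.0:
        std = 0.0            # every login at the identical minute
    elif r < 1e-12:
        std = 12.0           # logins spread evenly around the clock
    else:
        std = math.sqrt(-2 * math.log(r)) * 24 / (2 * math.pi)
    return mean_hour, std, r


def hour_distance(a, b):
    """Shortest distance between two clock hours, going either way round."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def find_off_hours_logins(events, min_baseline=4, floor_hours=2.0, k=3.0):
    """Flag logins far from the user's own baseline built from that user's other logins."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    flagged = []
    for user, evs in by_user.items():
        for i, e in enumerate(evs):
            others = [o["hour"] for j, o in enumerate(evs) if j != i]  # leave-one-out
            if len(others) < min_baseline:
                continue          # not enough history to call anything unusual
            mean_hour, std, _ = circular_baseline(others)
            dist = hour_distance(e["hour"], mean_hour)
            if dist > max(floor_hours, k * std):
                flagged.append({**e, "baseline_hour": round(mean_hour, 2),
                                "baseline_std": round(std, 2), "distance": round(dist, 2)})
    return flagged


if __name__ == "__main__":
    for f in find_off_hours_logins(parse_logins(SAMPLE_SECURE_LOG)):
        print(f'{f["stamp"]} {f["user"]} via {f["method"]} from {f["src"]}: '
              f'{f["distance"]}h from usual {f["baseline_hour"]:05.2f} (std {f["baseline_std"]}h)')
```

Run it over a concatenated month of /var/log/secure and the monthly review starts from a short list of "talk to Fred" items instead of the raw 2G/day. The two-hour floor stops a user with a very regular schedule from being flagged for normal jitter, and a user like alice with logins all round the clock never gets a tight enough baseline to trip the check, which is the correct outcome for that account. The src and method fields are carried through so a reviewer can see at once that the odd-hour login also came from a new address with a password instead of a key.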