[PLUG] monitoring/syslogging

jeff on 2 May 2008 07:50:37 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] monitoring/syslogging

From: jeff <jeffv@op.net>

To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Subject: [PLUG] monitoring/syslogging

Date: Fri, 02 May 2008 10:50:27 -0400

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

User-agent: Thunderbird 2.0.0.14 (X11/20080421)

Thank you to all who replied. I've been going over the choices way too much recently. VMware is a gift from the linux god(s). I've been trying out various prebuilt machines, among them OSSIM, CACTI, ZENOSS and others. You dl the vm, plug it into VMplayer, configure to network, and you're off. What makes me really happy is that they throw everything you need into one package. As I was downloading it, I came across a page on configuring the program from scratch. It wasn't pretty but it WAS long. OSSIM is incredible. It's got so much stuff crammed into it that it will take months to learn just how to operate it, no less how to do it correctly or what it can possibly do. Haven't found event logging yet though. The internal Nessus scanner has already given me way too much to investigate on the network. As for logging, it's been pretty much as I expected: much research, much effort required, and entirely not what I want to be using. (JP - I've been going through your exhaustive list - very good reference) I'm not whining, just observing. I have tried out the logchecks, et al, and as plain a guy as I am, I would still prefer some graphics, like a dashboard graph kinda thing. Temporarily I'm testing out ActiveXperts Network Monitor, which will alert me to log issues but doesn't have very good filtering and doesn't actually forward the log - I have to remote to the servers. I had another one that was better but as one would expect, Windows took a dive and ate the program. Both programs are Windows-only. I'll be taking another look at Wireshark/tcpdump, which will do for finding issues as they're happening (provided I know where to look). I'd still like a larger view program though. If I can figure out OSSIM, that will probably do it. Updates as I figure them out. Thanks again for all the suggestions. The knowledgebase here is incredible. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Prev by Date: Re: [PLUG] ssh key based authentication

Next by Date: Re: [PLUG] ssh key based authentication

Previous by thread: Re: [PLUG] ssh key based authentication

Next by thread: Re: [PLUG] Saving data from a precarious drive

Index(es):

Date

Thread