Logging solutions?
Jamon Camisso
jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Thu Oct 11 23:42:58 UTC 2012
On 12-10-11 06:42 PM, Christopher Browne wrote:
> I have added a couple more little boxes into my home environment, and
> it seems as though I probably ought to have *some* centralized
> examination of syslog and similar data.
>
> Nagios seems as though it's likely to be overkill.
>
> I poked around a little bit at answers and it looks as though
> solutions often get pretty heavyweight for something that I want to
> pay as *little* attention to as I can.
>
> Somewhat interesting is a tool called "petit"
> crunchtools.com/software/petit/
>
> The creator discusses some ideas surrounding trimming out
> irrelevancies via what he terms "artificial ignorance"
> http://www.ranum.com/security/computer_security/papers/ai/index.html
>
> The most-referenced listing of log analysis tools that I find is this
> one: <http://www.securitywarriorconsulting.com/logtools/>. Does
> anyone have better?
>
> There's something elegant about some of the thoughts in "petit", have
> to poke at that more...
I use a central rsyslog server with the relp plugin. From there
judicious use of logcheck ignore rules keeps the noise down to a
minimum. There's overhead at first in narrowing down what to ignore, but
the default set is pretty good out of the box.
Jamon
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
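
Added example, not part of the original thread and not logcheck's or petit's own code: the ignore-rule filtering described in the reply, followed by the "artificial ignorance" step of collapsing whatever is left into countable shapes. The rules (Python regex syntax rather than logcheck's POSIX ERE), host names and log lines are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed ignore rules in the style of logcheck's ignore.d files: one
# anchored regex per line (Python regex syntax here, not logcheck's POSIX ERE).
IGNORE_RULES = r"""
^\w{3} [ :0-9]{11} [\w.-]+ CRON\[\d+\]: pam_unix\(cron:session\): session (opened|closed) for user \w+( by \(uid=\d+\))?$
^\w{3} [ :0-9]{11} [\w.-]+ dhclient: DHCP(REQUEST on \w+ to|ACK from) [0-9.]+( port \d+)?$
"""

# Constructed syslog lines, as a central server might collect from two hosts.
SAMPLE = """\
Oct 11 23:17:01 box1 CRON[4012]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 11 23:17:01 box1 CRON[4012]: pam_unix(cron:session): session closed for user root
Oct 11 23:20:14 box2 dhclient: DHCPREQUEST on eth0 to 192.0.2.1 port 67
Oct 11 23:20:14 box2 dhclient: DHCPACK from 192.0.2.1
Oct 11 23:31:09 box2 sshd[2211]: Failed password for invalid user admin from 198.51.100.7 port 40112 ssh2
Oct 11 23:31:12 box2 sshd[2214]: Failed password for invalid user admin from 198.51.100.7 port 40150 ssh2
Oct 11 23:40:55 box1 kernel: [81234.112] EXT4-fs error (device sda1): ext4_lookup: deleted inode referenced: 1234
""".splitlines()

def load_rules(text):
    """Compile one regex per non-empty, non-comment line."""
    return [re.compile(l) for l in text.splitlines() if l.strip() and not l.startswith("#")]

def filter_log(lines, rules):
    """Return (lines no rule matched, hit count per rule pattern)."""
    kept, hits = [], Counter()
    for line in lines:
        rule = next((r for r in rules if r.search(line)), None)
        if rule is None:
            kept.append(line)          # unknown, so worth a human look
        else:
            hits[rule.pattern] += 1    # known noise; count it to spot dead rules
    return kept, hits

def summarize(lines):
    """Collapse variable fields so repeated unknown events group together."""
    shapes = Counter()
    for line in lines:
        msg = line[16:]                                   # drop "Mon DD HH:MM:SS "
        msg = re.sub(r"\b\d+(?:\.\d+){3}\b", "IP", msg)   # IPv4 addresses
        msg = re.sub(r"\b\d+\b", "N", msg)                # pids, ports, counters
        shapes[msg] += 1
    return shapes.most_common()

if __name__ == "__main__":
    kept, hits = filter_log(SAMPLE, load_rules(IGNORE_RULES))
    for shape, n in summarize(kept):
        print(f"{n:4d}  {shape}")
```

A shape that keeps recurring and turns out to be harmless is the candidate for the next ignore rule; anything else stays in the report.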