[ossec-list] Re: ossec and splunk
- To: ossec-list@xxxxxxxxxxxxxxxx
- Subject: [ossec-list] Re: ossec and splunk
- From: "Joshua Gimer" <jgimer@xxxxxxxxx>
- Date: Fri, 6 Apr 2007 15:11:00 -0600
If you are just looking for some sort of web interface for syslog messages, there are a lot of CGIs out there. I use a combination of syslog-ng and MySQL, with php-syslog-ng as a web interface. It allows you to filter based off of alert level and host, among other things. It also has its own access control mechanism (how secure, I do not know).
On 4/6/07, Vincent Bernat <bernat@xxxxxxxx> wrote:
OoO On this lightning-streaked night of Tuesday 03 April 2007, at around 02:26,
"Daniel Cid" <daniel.cid@xxxxxxxxx> said:
> On Unix (and any operating system), when a process is listening on a specific
> port, no other process is allowed to use it. So, if you have ossec listening on
> port 514, splunk is not going to be able to use it. What you can do is disable
> remote syslog on ossec, enable your syslog server to receive remote messages
> and configure ossec and splunk to read from the files directly.
BTW, does anyone know an open source alternative to Splunk?
--
Indent to show the logical structure of a program.
- The Elements of Programming Style (Kernighan & Plauger)
--
Thx
Joshua Gimer
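As an added illustration of the arrangement Daniel describes (not configuration from the thread or from the OSSEC project): an ossec.conf fragment that removes OSSEC's own UDP 514 syslog listener so the system syslog daemon can bind that port and write to a file, which OSSEC then reads through a localfile entry and Splunk can tail as well. The log path and the allowed address range are assumed placeholders.

```xml
<!-- ossec.conf: before and after, in the layout OSSEC reads -->
<ossec_config>
  <!--
    BEFORE (remove this block): OSSEC itself binds UDP 514.
    Only one process may own the port, so Splunk (or the
    system syslog daemon) cannot receive on it at the same time.

    <remote>
      <connection>syslog</connection>
      <protocol>udp</protocol>
      <port>514</port>
      <allowed-ips>192.0.2.0/24</allowed-ips>   placeholder range
    </remote>
  -->
</ossec_config>

<ossec_config>
  <!--
    AFTER: no <remote> syslog listener. The system syslog daemon
    (syslog-ng, rsyslog, ...) owns UDP 514 and is assumed to write
    remote messages to the file below; OSSEC reads that file, and
    Splunk can monitor the same path. Note that OSSEC no longer
    sees the sender's IP on the wire, only what the daemon logs.
  -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/remote/syslog.log</location>   <!-- placeholder path -->
  </localfile>
</ossec_config>
```

Restart OSSEC after editing, and confirm with `netstat -anu` (or `ss -lun`) that only the syslog daemon now holds port 514.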
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.