[Dshield] slightly off-topic Logs- anyone using sawmill?
mark.rowlands at minmail.net
Tue Aug 27 14:10:08 GMT 2002
As part of an ongoing story of treachery, intrigue and an insatiable lust for
power, I have been looking for a method of centralising my logs (Apache logs
/ IIS logs / Windows event logs / ipfw / sendmail / squid / Snort even...) in
a single location and accessing them with a single tool.
I have looked at Sawmill http://www.sawmill.net which shows promise, but as
you cannot easily extend it yourself, you are dependent upon the goodwill of
the Sawmill folks (which so far has not seemed lacking).
Anybody out there got any good ideas? PS: if it involves both huge
license fees and closed source code, it is not a good idea!
2) Consistent UI
3) Access Control Lists
4) Most likely database driven
5) Easily extend to new formats
6) Windows and unix ( not just Linux) friendly
7) Ability to log access and confirm that an alert has been viewed. Perhaps
even with the option to add notes to an alert.
The why :-
It is a lot easier to get your sysadmins to check the logs if they are in one
easily accessible place, especially when they cannot claim "I didn't see
that big flashing red log that said the Exchange database was at 15.99999 GB."
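As an added illustration of the requirements in the post (a single store, per-format parsers that can be extended without touching the rest, and a record of who has viewed an alert and what they noted), here is a small sketch that is not from the post, not Sawmill, and not any particular product. The log lines are constructed samples in Apache, Snort fast-alert, ipfw and squid formats, not real captures; the year for the Snort and syslog lines, the severity mapping, and the table layout are all assumptions made for the demo.

```python
import re
import sqlite3
from datetime import datetime, timezone

# Constructed sample lines in four of the formats named in the post (not real captures).
SAMPLE_LINES = [
    ("apache", '192.0.2.10 - - [27/Aug/2002:14:10:08 +0000] "GET /index.html HTTP/1.0" 500 1234'),
    ("snort", "08/27-14:10:09.123456 [**] [1:1000001:1] CONSTRUCTED TEST RULE [**] "
              "[Priority: 1] {TCP} 192.0.2.10:4321 -> 198.51.100.5:80"),
    ("ipfw", "Aug 27 14:10:10 gw kernel: ipfw: 100 Deny TCP 192.0.2.10:4321 198.51.100.5:23 in via fxp0"),
    ("squid", "1030457410.123    150 192.0.2.11 TCP_MISS/200 2048 GET http://example.com/ - DIRECT/203.0.113.7 text/html"),
]
ASSUMED_YEAR = 2002  # assumption: Snort fast alerts and syslog lines carry no year

PARSERS = {}  # format name -> parser; supporting a new format means registering one function

def parser(name):
    """Register a parser returning (ts_iso, src_ip, severity, message), or None when the line does not match."""
    def wrap(fn):
        PARSERS[name] = fn
        return fn
    return wrap

@parser("apache")
def parse_apache(line):
    m = re.match(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+', line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    status = int(m.group(4))
    return ts.isoformat(), m.group(1), "medium" if status >= 500 else "info", f"{m.group(3)} -> {status}"

@parser("snort")
def parse_snort(line):
    m = re.match(r"^(\d\d)/(\d\d)-(\d\d:\d\d:\d\d)\.\d+ \[\*\*\] \[[^\]]+\] (.*?) \[\*\*\] "
                 r"(?:\[Classification: [^\]]*\] )?\[Priority: (\d+)\] \{(\w+)\} (\S+?):\d+ -> (\S+)", line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR}-{m.group(1)}-{m.group(2)} {m.group(3)}",
                           "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    sev = {"1": "high", "2": "medium"}.get(m.group(5), "low")  # assumed priority-to-severity mapping
    return ts.isoformat(), m.group(7), sev, f"{m.group(4)} {m.group(6)} -> {m.group(8)}"

@parser("ipfw")
def parse_ipfw(line):
    m = re.match(r"^(\w{3}) +(\d+) (\d\d:\d\d:\d\d) \S+ kernel: ipfw: (\d+) (\w+) (\w+) "
                 r"(\S+?):\d+ (\S+) (in|out) via (\S+)", line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m.group(1)} {m.group(2)} {m.group(3)}",
                           "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    sev = "medium" if m.group(5).lower() == "deny" else "info"  # assumed: denied packets are worth a look
    return ts.isoformat(), m.group(7), sev, f"rule {m.group(4)} {m.group(5)} {m.group(6)} -> {m.group(8)} {m.group(9)} via {m.group(10)}"

@parser("squid")
def parse_squid(line):
    m = re.match(r"^(\d+)\.\d+\s+\d+ (\S+) (\S+) \d+ (\S+) (\S+)", line)
    if not m:
        return None
    ts = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)  # squid native log: epoch seconds first
    return ts.isoformat(), m.group(2), "info", f"{m.group(4)} {m.group(5)} {m.group(3)}"

SCHEMA = """
CREATE TABLE IF NOT EXISTS events (id INTEGER PRIMARY KEY, source TEXT, ts TEXT,
    src_ip TEXT, severity TEXT, message TEXT, raw TEXT);
CREATE TABLE IF NOT EXISTS acks (event_id INTEGER REFERENCES events(id),
    viewer TEXT, acked_at TEXT, note TEXT);
"""

def open_store(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn

def ingest(conn, source, line):
    """Normalise one line with its registered parser, keep the raw line alongside; returns the event id or None."""
    fn = PARSERS.get(source)
    rec = fn(line) if fn else None
    if rec is None:
        return None
    cur = conn.execute("INSERT INTO events (source, ts, src_ip, severity, message, raw) VALUES (?,?,?,?,?,?)",
                       (source, *rec, line))
    conn.commit()
    return cur.lastrowid

def unacknowledged(conn, severity):
    """Events at a severity that nobody has signed off on: the list an admin cannot claim not to have seen."""
    return conn.execute("SELECT e.id, e.source, e.ts, e.src_ip, e.message FROM events e "
                        "LEFT JOIN acks a ON a.event_id = e.id "
                        "WHERE e.severity = ? AND a.event_id IS NULL ORDER BY e.ts", (severity,)).fetchall()

def acknowledge(conn, event_id, viewer, note=""):
    """Append who viewed an alert, when, and a note; rows are only inserted, never updated, so the trail stays whole."""
    conn.execute("INSERT INTO acks VALUES (?,?,?,?)",
                 (event_id, viewer, datetime.now(timezone.utc).isoformat(), note))
    conn.commit()

def demo():
    """Load the constructed samples, sign off the one high-severity alert, return counts before and after."""
    conn = open_store()
    ids = [ingest(conn, src, line) for src, line in SAMPLE_LINES]
    high_before = unacknowledged(conn, "high")
    acknowledge(conn, high_before[0][0], "mark", "test rule, false positive")
    return len([i for i in ids if i is not None]), len(high_before), len(unacknowledged(conn, "high"))
```

Calling `demo()` returns `(4, 1, 0)`: four lines stored, one high-severity Snort alert waiting, none waiting after it is acknowledged with a note. The raw line is stored next to the normalised fields so that a parser bug can be repaired later without losing evidence, and acknowledgements are append-only so the "who saw what, and when" record cannot be quietly rewritten. Access control (item 3 in the post) is left to whatever sits in front of the database and is not shown here.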