Central Log Consolidation

Peace · 15 Mar 2013 at 15:05

Hi,

I am trying to set up a central log consolidator for Windows and Linux Servers and was wondering what you guys are using or if you can recommend some good products.
Basically want to be able to forward events to a central server and be able to review them and also set up custom reports on certain events which will run on a weekly/monthly bases.

I have come across Splunk and will try it out next week.

SMN · 15 Mar 2013 at 17:08

Splunk and Loggly are both very good - be prepared to shell out $$ however.

SMN · 15 Mar 2013 at 17:08

...and HP Arcsight, which is even more expensive.

prj1865 · 15 Mar 2013 at 17:39

I will be watching this thread with interest as this is also something I'm looking into. We
already have Solarwinds and Scom but with so many device types on the network in wondering if we should be looking at some other solutions.

I'm aware of a few other options like loglogic, logrhythm, McAfee (formerly Nitro) etc but it would be interesting to hear some opinions.

Peace · 16 Mar 2013 at 16:56

I have got a demo VM now running Logrhythm and it is looking very good as well.
Has lots of build in PCI and other reports just need to get it setup with different clients now to see what i can get out of it.

Ev0 · 17 Mar 2013 at 12:58

QRadar looked alright as well