Splunk'd?

(Posted by cwalsh)

I have been playing with Splunk, for about 45 minutes.

So far, I like it.

I've previously been exposed to ArcSight, but what I have more of an affinity for psychologically is not so much a correlation engine, but a great visualization tool that automagically can grok log formats without making me write a hairy regex. I have no idea whether I will use Splunk for anything real, but it made a good first impression. Since my budget is zero, the price of the non-enterprise version looks good, too. I am sure that for those of a less penurious station, there are many more fine contenders.

Posted by cwalsh on November 12, 2007 at 11:23 PM in SysAdmin, information security.


Comments

I have been using Splunk to aggregate Windows events (mostly for security purposes) into one location. The more I use it the more I feel I can't live without it. Trying to correlate security events across 300 Windows boxen was a nightmare before Splunk; now I just set a time frame and search.

Posted by: Anonymous | November 13, 2007 5:34 PM
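The commenter's workflow (pull Windows security events from many hosts into one place, pick a time frame, search, correlate) is easy to sketch in plain code. The script below is an added illustration, not Splunk code and not from the original post or its comments; the log line format is a constructed, simplified one rather than a real Windows event export, and the event IDs 4624/4625 are used only as familiar labels for successful and failed logons.

```python
"""Time-windowed search and cross-host correlation over aggregated events.

Added example (not Splunk's code, not from the post). The line format is
constructed: "<ISO timestamp> <host> EventID=<id> Account=<name> Status=<s>".
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, as if collected from several hosts into one store.
SAMPLE_EVENTS = """\
2007-11-13T09:00:05 ws01 EventID=4625 Account=jdoe Status=FAIL
2007-11-13T09:00:09 ws02 EventID=4625 Account=jdoe Status=FAIL
2007-11-13T09:00:12 ws03 EventID=4625 Account=jdoe Status=FAIL
2007-11-13T09:01:00 ws01 EventID=4624 Account=asmith Status=OK
2007-11-13T09:02:30 ws07 EventID=4625 Account=svc_backup Status=FAIL
2007-11-13T15:45:00 ws09 EventID=4625 Account=jdoe Status=FAIL
"""


def parse_event(line):
    """Turn one constructed log line into a dict; return None for a malformed line."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = {"time": ts, "host": parts[1]}
    for kv in parts[2:]:
        if "=" in kv:
            key, value = kv.split("=", 1)
            fields[key] = value
    return fields


def load_events(text):
    """Parse every line, silently dropping lines that do not fit the format."""
    return [ev for ev in (parse_event(line) for line in text.splitlines()) if ev]


def search(events, start, end, **filters):
    """Return events inside [start, end] whose fields match every key=value filter,
    e.g. search(events, t0, t1, EventID="4625")."""
    hits = []
    for ev in events:
        if not (start <= ev["time"] <= end):
            continue
        if all(ev.get(key) == value for key, value in filters.items()):
            hits.append(ev)
    return hits


def accounts_failing_across_hosts(events, start, end, min_hosts=2):
    """Correlate failed logons in the window: map each account to the set of
    hosts it failed on and keep those seen on at least min_hosts hosts."""
    by_account = defaultdict(set)
    for ev in search(events, start, end, EventID="4625"):
        by_account[ev["Account"]].add(ev["host"])
    return {
        acct: sorted(hosts)
        for acct, hosts in by_account.items()
        if len(hosts) >= min_hosts
    }


if __name__ == "__main__":
    events = load_events(SAMPLE_EVENTS)
    start = datetime(2007, 11, 13, 9, 0)
    end = start + timedelta(minutes=5)
    # Five-minute window: jdoe failed on three different hosts.
    print(accounts_failing_across_hosts(events, start, end))
```

Narrowing the time frame first and only then correlating is what keeps the search cheap: the window cut above reduces the day's events to a handful before any per-account grouping happens, which is the same order of operations the commenter describes.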