Hi: Has anyone on here played with Splunk on your network for log collection and analysis? We're looking at it for work, we have 700 servers, a bunch of switches, etc. and no one really looks at any logs or anything like that. Accessibility-wise, it is actually looking pretty good, the interface is complex, but I think that's just the software, and I've been able to get to everything I need to so far, but we're just starting to play. Thanks. Ryan
Hi, I used it a while back and it looks usable, though we didn't go with it due to the pricing in the end. Andrew.
-----Original Message-----
From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Ryan Shugart
Sent: 19 February 2014 03:23
To: Blind sysadmins list
Subject: [Blind-sysadmins] Splunk
_______________________________________________
Blind-sysadmins mailing list
Blind-sysadmins@lists.hodgsonfamily.org
http://lists.hodgsonfamily.org/listinfo/blind-sysadmins
Thanks Andrew. Mind if I ask what, if anything, you went with for log analysis? The thing I like about Splunk is how many different things it can read into and correlate. We have a software package called EG that supposedly can do this kind of thing, but in practice, well, it can't. And its UI is ugly. Inaccessible, and barely usable by a person who can see. So... Ryan
-----Original Message-----
From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Andrew Hodgson
Sent: Wednesday, February 19, 2014 5:18 AM
To: Blind sysadmins list
Subject: Re: [Blind-sysadmins] Splunk
Hi, We use RSA Envision, which I wouldn't recommend to my worst enemy :). Any log correlation software needs careful tuning to ensure the logs are delivered to it securely and in a format which allows the logs to be correlated. There will also need to be manual tuning of the reports to ensure you get the correct information. Thanks. Andrew.
-----Original Message-----
From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Ryan Shugart
Sent: 20 February 2014 03:14
To: Blind sysadmins list
Subject: Re: [Blind-sysadmins] Splunk
Thanks Andrew. You're right, nothing will work out of the box, but right now no one is watching any logs, or if they are, in a very reactive way, and that can make troubleshooting very difficult. Our environment is big enough; how people keep track of these things in environments with thousands of servers is a mystery to me, it's hard enough for us with what we have. Ryan
-----Original Message-----
From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Andrew Hodgson
Sent: Thursday, February 20, 2014 1:52 AM
To: Blind sysadmins list
Subject: Re: [Blind-sysadmins] Splunk
Participants (2): Andrew Hodgson, Ryan Shugart