fusi0n Posted January 26, 2015
I was using Splunk for a while, and it's a very powerful system. However, I would like to see what all is out there; you can do a Google search, but you get 1000000s of different ones, and I wanted to see what you guys are using. I'd like the software to:
Log all Active Directory changes
Log all shared folders (who accessed, what files, etc.)
Log all internet data, such as websites, blocked attacks (works with a flow monitor)
Alert when a server is down
Alert when a circuit is down, along with VPN.
Any ideas on what I can use for this? Thanks!
+BudMan MVC Posted January 26, 2015
Take a look at https://www.graylog2.org/
fusi0n (Author) Posted January 26, 2015
> Take a look at https://www.graylog2.org/
Thanks. Setting it up now. I'll give it a shot.
Sikh Posted January 26, 2015
I've been wondering this too. I finally got the "OK" to deploy Nagios (don't even ask), but I was going to look at other possible options too. Looks like I'll be trying graylog2. Thanks BudMan.
+BudMan MVC Posted January 26, 2015
I like graylog2; it's fairly straightforward to get up and running. The trick is getting everything sent to it, but once it's in there you can find stuff pretty easily. Your other option is an ELK stack, which is just a combo of Elasticsearch, Logstash and Kibana. While Splunk is pretty slick, once you send data to it, it is pretty useless to pull data out without some serious backend work. And it's not cheap, while something like Graylog is FREE. You could also look into http://www.fluentd.org/
+John Teacake MVC Posted January 31, 2015
I wonder if anyone has got Graylog to log Active Directory events; that would be amazing.
+BudMan MVC Posted January 31, 2015
Graylog is a syslog server. What are you using on Windows to send event logs? nxlog works just fine: http://nxlog-ce.sourceforge.net/ It supports GELF, so you're good to go with structure, etc.
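The nxlog-to-Graylog setup BudMan describes, written out as an added example (this is not a configuration from the thread, from nxlog or from the Graylog project). It reads the Windows event log with im_msvistalog and ships each event to Graylog as a GELF message over UDP. The Graylog hostname graylog.example.com and the GELF UDP input on port 12201 are assumptions for illustration; the install path under `ROOT` is nxlog-ce's usual Windows default and should be adjusted to the actual install.

```nxlog
# Added example: nxlog-ce configuration that forwards Windows event logs
# to Graylog as GELF. Assumed values: Graylog host graylog.example.com with
# a GELF UDP input listening on 12201 (Graylog's default GELF port).

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

# Loads the GELF extension so the output block can use OutputType GELF
<Extension gelf>
    Module  xm_gelf
</Extension>

# Read the Windows event log through the Vista-and-later API. The QueryXML
# restricts collection to the channels that carry account, group and
# directory changes plus host events, which keeps the volume down instead
# of shipping every channel on the box.
<Input eventlog>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*</Select>
                <Select Path="System">*</Select>
                <Select Path="Directory Service">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# Each event is serialised as a structured GELF message and sent over UDP
<Output graylog>
    Module      om_udp
    Host        graylog.example.com
    Port        12201
    OutputType  GELF
</Output>

# Route everything read from the event log to the Graylog output
<Route eventlog_to_graylog>
    Path    eventlog => graylog
</Route>
```

Two things to check before trusting what shows up in Graylog: the Security channel only contains account and group change events if the domain controller's audit policy has account-management and directory-service-change auditing turned on, so an empty stream usually means auditing is off rather than nxlog being broken; and the "Directory Service" channel only exists on domain controllers, so on member servers drop that Select line. Since GELF over UDP is unauthenticated and unencrypted, the Graylog input should only be reachable from the hosts that are supposed to send to it.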
remixedcat Posted January 31, 2015
I use PRTG and it's awesome. Very, very easy to set up: less than 5 minutes and you're monitoring a few systems!
+BudMan MVC Posted January 31, 2015
^ While PRTG is great, that is not the type of monitoring he was looking for to replace Splunk, even though some of the items he mentions on monitoring are outside the scope of something like Splunk or other syslog, and yes, something like PRTG would work for that. Or Observium is another option. It's kind of difficult to get all your eggs in one basket for your network monitoring needs. You want to log events, but also need to check if a service is up and working, but those are rarely in the same system, etc.
remixedcat Posted January 31, 2015
There's tons of sensors for it though... http://i.imgur.com/KF6mYQB.png <<click for the sensor list, and that is even only the default sensor batches; you can add more types with SNMP and custom OIDs, etc.
+BudMan MVC Posted January 31, 2015
But it's NOT a syslog server. While I see that it has a syslog receiver, it sure as hell is not going to scale to the enterprise for monitoring syslog, which could be 1000's of events per minute easily. You should see the nonsense 1 ESXi box can send if not tweaked after setting up syslog. From just my pfSense firewall at home I had 1000's of events in a few hours. There is lots of noise out there; if you log it, it can get overwhelming very quickly!! PRTG again, while a great product, is not designed for that sort of traffic. Graylog on very minimal hardware can easily scale to 1000's of events a second without really breaking a sweat.
Depicus Posted January 31, 2015
Another vote for Graylog2. Using it at a client's for monitoring and alerts for websites and logging events in hundreds of Java applications. I'm still not up to speed on the queries yet but getting there. My greatest accomplishment is setting up an alert if a job doesn't run once a day.