Enterprise Monitoring and Logging


Question

fusi0n

I was using Splunk for a while, and it's a very powerful system. However, I would like to see what all is out there. You can do a Google search, but you get 1,000,000s of different ones, and I wanted to see what you guys are using.

 

I'd like the software to do the following:

Log all Active Directory Changes

Log all shared folders (who accessed, what files, etc.)

Log all internet data, such as websites, blocked attacks (works with a Flow Monitor)

 

Alerts when server is down

Alerts when a circuit is down, along with VPN. 

 

Any ideas on what I can use for this?

 

Thanks!

11 answers to this question

+BudMan

Graylog is a syslog server - what are you using on Windows to send event logs? nxlog works just fine: http://nxlog-ce.sourceforge.net/

 

It supports GELF, so you're good to go with structure, etc.

Sikh

I've been wondering this too. I finally got the "OK" to deploy Nagios (don't even ask), but I was going to look at other possible options too. Looks like I'll be trying Graylog2. Thanks BudMan.

+BudMan

I like Graylog2; it's fairly straightforward to get up and running. The trick is getting everything sent to it ;) But once it's in there you can find stuff pretty easily. Your other option is an ELK stack, which is just a combination of Elasticsearch, Logstash and Kibana.

 

While Splunk is pretty slick, once you send data to it, it is pretty useless for pulling data out without some serious backend work. And it's not cheap ;) While something like Graylog is FREE.

 

You could also look into http://www.fluentd.org/

+John Teacake

I wonder if anyone has got Graylog to log Active Directory events; that would be amazing.

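To make concrete what "nxlog speaks GELF to Graylog" means for Active Directory events, here is an added example that is not from the original thread and not nxlog's or Graylog's own code. It takes a constructed Windows Security event (event ID 4728, a member added to a security-enabled global group; the field names follow the shape nxlog's im_msvistalog module exposes, but treat them as assumptions), maps it to a GELF 1.1 message with custom fields prefixed by an underscore, gzips it, and splits it into chunked-GELF UDP datagrams when the payload is larger than one chunk, as a Graylog GELF UDP input expects. The decoder reassembles the chunks the way the receiving side does, so the round trip can be checked offline. In production nxlog does this for you with its xm_gelf extension; this code only shows the wire format.

```python
import gzip
import json
import os
import socket
import struct

GELF_CHUNK_MAGIC = b"\x1e\x0f"
GELF_CHUNK_HEADER_LEN = 12   # magic(2) + message id(8) + sequence(1) + count(1)
GELF_CHUNK_SIZE = 8192       # Graylog's default maximum UDP chunk size
GELF_MAX_CHUNKS = 128        # the chunk count field is one byte, capped at 128
LEVEL_NOTICE = 5             # syslog severity reused by GELF "level"

# Constructed sample event, not a real log record. EventTime is epoch seconds.
SAMPLE_EVENT = {
    "EventTime": 1420156800.0,
    "EventID": 4728,
    "Channel": "Security",
    "SubjectUserName": "admin01",
    "TargetUserName": "Domain Admins",
    "MemberName": "CN=jdoe,OU=Users,DC=corp,DC=example",
    "Message": "A member was added to a security-enabled global group.\n\n"
               "Subject:\n\tAccount Name:\tadmin01",
}


def windows_event_to_gelf(event, host):
    """Map a Windows event dict to a GELF 1.1 message dict.
    Mandatory keys: version, host, short_message. Extra fields need a '_' prefix."""
    gelf = {
        "version": "1.1",
        "host": host,
        "short_message": event["Message"].splitlines()[0],
        "full_message": event["Message"],
        "timestamp": event["EventTime"],
        "level": LEVEL_NOTICE,
    }
    for key in ("EventID", "Channel", "SubjectUserName", "TargetUserName", "MemberName"):
        if key in event:
            gelf["_" + key] = event[key]
    return gelf


def encode_gelf(gelf):
    """Serialize, gzip, and chunk. Returns the list of UDP datagram payloads."""
    payload = gzip.compress(json.dumps(gelf).encode("utf-8"))
    if len(payload) <= GELF_CHUNK_SIZE:
        return [payload]                      # single datagram, no chunk header
    body_size = GELF_CHUNK_SIZE - GELF_CHUNK_HEADER_LEN
    pieces = [payload[i:i + body_size] for i in range(0, len(payload), body_size)]
    if len(pieces) > GELF_MAX_CHUNKS:
        raise ValueError("message needs %d chunks, GELF allows at most %d"
                         % (len(pieces), GELF_MAX_CHUNKS))
    message_id = os.urandom(8)                # same id on every chunk of one message
    return [GELF_CHUNK_MAGIC + message_id + struct.pack("BB", seq, len(pieces)) + piece
            for seq, piece in enumerate(pieces)]


def decode_gelf(datagrams):
    """Reassemble datagrams (chunked or not) into the original message dict."""
    if len(datagrams) == 1 and not datagrams[0].startswith(GELF_CHUNK_MAGIC):
        payload = datagrams[0]
    else:
        parts, message_id, total = {}, None, None
        for d in datagrams:
            if not d.startswith(GELF_CHUNK_MAGIC):
                raise ValueError("unchunked datagram mixed with chunks")
            mid, seq, count = d[2:10], d[10], d[11]
            if message_id is None:
                message_id, total = mid, count
            if mid != message_id or count != total:
                raise ValueError("chunk from a different message")
            parts[seq] = d[GELF_CHUNK_HEADER_LEN:]
        if sorted(parts) != list(range(total)):
            raise ValueError("missing chunks: got %s of %d" % (sorted(parts), total))
        payload = b"".join(parts[i] for i in range(total))
    return json.loads(gzip.decompress(payload).decode("utf-8"))


def send_gelf_udp(gelf, host="127.0.0.1", port=12201):
    """Send to a Graylog GELF UDP input (12201 is the conventional port)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for datagram in encode_gelf(gelf):
            sock.sendto(datagram, (host, port))
    finally:
        sock.close()


if __name__ == "__main__":
    msg = windows_event_to_gelf(SAMPLE_EVENT, "dc01")
    print(json.dumps(msg, indent=2))
    print("datagrams:", len(encode_gelf(msg)))
```

Because the underscore fields arrive as separate, typed fields rather than free text, a Graylog search such as `_EventID:4728` finds group membership changes without any extractor work; that is the "structure" BudMan refers to.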
remixedcat

I use PRTG and it's awesome. Very, very easy to set up: less than 5 minutes and you're monitoring a few systems!

+BudMan

^ While PRTG is great, that is not the type of monitoring he was looking for to replace Splunk - even though some of the items he mentions on monitoring are outside the scope of something like Splunk or other syslog tools, and yes, something like PRTG would work for that. Or Observium is another option.

 

It's kind of difficult to get all your eggs in one basket for your network monitoring needs. You want to log events, but you also need to check if a service is up and working, and those are rarely in the same system, etc.

remixedcat

There's tons of sensors for it though...

 

http://i.imgur.com/KF6mYQB.png << click for the sensor list, and that is even only the default sensor batches; you can add more types with SNMP and custom OIDs, etc.

+BudMan

But it's NOT a syslog server ;) While I see that it has a syslog receiver, it sure as hell is not going to scale to the enterprise for monitoring syslog, which could be 1000s of events per minute easily. You should see the nonsense one ESXi box can send if not tweaked after setting up syslog.

 

From just my pfSense firewall at home I had 1000s of events in a few hours. There is lots of noise out there; if you log it, it can get overwhelming very quickly!! PRTG again, while a great product, is not designed for that sort of traffic. Graylog on very minimal hardware can easily scale to 1000s of events a second without really breaking a sweat.

Depicus

Another vote for Graylog2 - using it at a client's for monitoring and alerts for web sites and logging events in hundreds of Java applications. I'm still not up to speed on the queries yet, but getting there.

 

My greatest accomplishment is setting up an alert if a job doesn't run once a day :)

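The "alert if a job doesn't run once a day" in the post above is an absence alert: the interesting condition is a message that should be there and is not, which is the opposite of the usual match-and-fire rule. As an added example, not code from the thread or from Graylog, here is that logic run over a few constructed log lines in a made-up jobrunner format (the regex, the job names and the "status=" convention are all assumptions). It tracks the last successful run per job and flags any expected job whose last success is older than the allowed age, distinguishing "never seen" from "stale", and it treats a failed run as not satisfying the check, which a naive "any message matched" rule would get wrong.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed line format for a hypothetical job scheduler; other daemons are ignored.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) jobrunner: job=(?P<job>\S+) status=(?P<status>\S+)"
)

# Constructed sample log, not real data. ad-export's last run failed, and
# report-gen never appears at all.
SAMPLE_LOG = """\
2015-01-05T02:00:03Z batch01 jobrunner: job=nightly-backup status=success
2015-01-05T02:05:11Z batch01 jobrunner: job=ad-export status=success
2015-01-06T02:00:04Z batch01 jobrunner: job=nightly-backup status=success
2015-01-06T02:05:13Z batch01 jobrunner: job=ad-export status=failed
2015-01-06T03:17:44Z batch01 sshd: Accepted publickey for ops from 10.0.0.5
"""

EXPECTED_JOBS = ["nightly-backup", "ad-export", "report-gen"]


def parse_job_events(text):
    """Return (timestamp, job, status) tuples for lines that match the job format."""
    events = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # noise from other daemons, exactly the kind of line to skip
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["job"], m["status"]))
    return events


def last_success_per_job(events):
    """Most recent successful run per job; failed runs do not count."""
    last_ok = {}
    for ts, job, status in events:
        if status == "success" and (job not in last_ok or ts > last_ok[job]):
            last_ok[job] = ts
    return last_ok


def find_missing_jobs(events, expected_jobs, now, max_age=timedelta(hours=24)):
    """Absence check: which expected jobs have no success within max_age of now?
    Returns {job: reason}; an empty dict means every job is on schedule."""
    last_ok = last_success_per_job(events)
    alerts = {}
    for job in expected_jobs:
        if job not in last_ok:
            alerts[job] = "never succeeded"
        elif now - last_ok[job] > max_age:
            alerts[job] = "last success %s" % last_ok[job].isoformat()
    return alerts


if __name__ == "__main__":
    now = datetime(2015, 1, 6, 12, 0, tzinfo=timezone.utc)
    for job, reason in find_missing_jobs(parse_job_events(SAMPLE_LOG),
                                         EXPECTED_JOBS, now).items():
        print("ALERT %s: %s" % (job, reason))
```

Run periodically (every hour, say) with `now` set to the current time, this is the same check a Graylog alert on "fewer than one matching message in the last 24 hours" performs; the point of writing it out is the two edge cases, a job that ran but failed and a job that has never reported, both of which should page someone.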