[BBLISA] Large scale log processing

Daniel Clark dclark at pobox.com
Wed Jun 3 18:04:20 EDT 2009


Tom Metro wrote:
> Mike Sprague wrote:
> I don't have a recommendation on the analysis side, but you might want
> to start there and work backwards, as it will likely dictate or at least
> influence how the data is gathered and stored.

logpp (log preprocessor - to eliminate log messages you don't care
about) and sec (simple event correlator) can be used together for useful
analysis of large amounts of log data.

There was a presentation on using Nagios + sec at BBLISA a while back
(should be easy to find notes on that via Google), but the patch only works
up to Nagios 2.9 at the moment.

-- 
Daniel JB Clark   | Sys Admin, Free Software Foundation
pobox.com/~dclark | http://www.fsf.org/about/staff#danny
