[logs] Syslog - monitoring the bigger picture
Mervin Pearce [SACS]
mervin at sacs.co.za
Wed Sep 12 12:33:55 PDT 2007
I am starting a log consolidation project, looking at syslog first, with a
booster converting from UDP to TCP using RIM and an n-tier solution.
Step 1 is an application which runs on Windows and logs syslog messages to a
local database. Completed.
All the following steps are in progress or planned:
Step 2 Filtering, triggering and report writer
Step 3 convert to service
Step 4 booster converting from UDP to TCP for delivery
Step 5 database consolidation from multiple nodes to single node
Step 6 Data mining and analysis
A link with a quick overview is at:
http://www.spisat.com/index.php?option=com_content&task=view&id=4&Itemid=9
The idea is to get multiple log formats into a single database for data mining.
To be kept up to date on the development and to submit feature requests, please
subscribe using the following link:
http://www.sacs.co.za/lists/?p=subscribe
Best Regards
Mervin Pearce (CISSP-ISSAP, CISA, CISM)
Chief Executive Officer
Security Audit and Control Solutions
http://www.sacs.co.za
http://www.spisat.com
mervin at sacs.co.za
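A sketch of what steps 1, 2 and 4 above amount to in one script, added here as an illustration and not code from SACS, spisat or the author: it parses RFC 3164 syslog datagrams, stores them in a local SQLite table with a parameterised insert, applies a simple severity/pattern trigger, and re-frames each message with RFC 6587 octet counting so it can be forwarded over TCP without messages merging in the stream. The sample lines, hostnames, IP addresses and trigger patterns are constructed; the in-memory database stands in for the local database.

```python
import re
import sqlite3
from dataclasses import dataclass
from typing import List, Optional

# RFC 3164: <PRI>TIMESTAMP HOSTNAME MSG, where PRI = facility * 8 + severity.
_SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)


@dataclass
class SyslogEvent:
    facility: int
    severity: int  # 0 = emerg ... 7 = debug
    timestamp: str
    host: str
    message: str


def parse_syslog(line: str) -> Optional[SyslogEvent]:
    """Parse one RFC 3164 line; return None if it does not look like syslog."""
    m = _SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facility 0..23 and severity 0..7 give at most 23*8+7
        return None
    return SyslogEvent(pri // 8, pri % 8, m.group("ts"), m.group("host"), m.group("msg"))


class EventStore:
    """Local SQLite store; ':memory:' keeps the example self-contained (a file path in practice)."""

    def __init__(self, path: str = ":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS events (id INTEGER PRIMARY KEY, facility INTEGER,"
            " severity INTEGER, ts TEXT, host TEXT, message TEXT)"
        )

    def insert(self, ev: SyslogEvent) -> None:
        # The message text is attacker-influenced: bind it as a parameter, never format it into SQL.
        self.db.execute(
            "INSERT INTO events (facility, severity, ts, host, message) VALUES (?, ?, ?, ?, ?)",
            (ev.facility, ev.severity, ev.timestamp, ev.host, ev.message),
        )

    def count(self) -> int:
        return self.db.execute("SELECT COUNT(*) FROM events").fetchone()[0]

    def at_or_above(self, max_severity: int) -> List[tuple]:
        """Events whose severity is max_severity or worse (lower number = more severe)."""
        return self.db.execute(
            "SELECT host, severity, message FROM events WHERE severity <= ? ORDER BY id",
            (max_severity,),
        ).fetchall()


# Constructed trigger patterns (hypothetical rule set, not the project's own).
TRIGGER_PATTERNS = [re.compile(p) for p in (r"Failed password", r"authentication failure")]


def trigger_reason(ev: SyslogEvent, max_severity: int = 3) -> Optional[str]:
    """Return why an event should alert (err or worse, or a pattern match), else None."""
    if ev.severity <= max_severity:
        return f"severity={ev.severity}"
    for pat in TRIGGER_PATTERNS:
        if pat.search(ev.message):
            return f"pattern={pat.pattern}"
    return None


def frame_for_tcp(raw: str) -> bytes:
    """RFC 6587 octet-counting framing: 'LEN SP MSG', robust against TCP stream coalescing."""
    payload = raw.encode("utf-8")
    return f"{len(payload)} ".encode("ascii") + payload


def unframe(stream: bytes) -> List[bytes]:
    """Receiver side: split an octet-counted TCP stream back into individual messages."""
    out, pos = [], 0
    while pos < len(stream):
        sp = stream.index(b" ", pos)
        n = int(stream[pos:sp])
        out.append(stream[sp + 1 : sp + 1 + n])
        pos = sp + 1 + n
    return out


def process(lines: List[str], store: Optional[EventStore] = None) -> dict:
    """Pipeline over raw datagram payloads: parse, store, trigger, frame for TCP forwarding."""
    store = store or EventStore()
    result = {"stored": 0, "malformed": 0, "triggered": [], "tcp_stream": b""}
    for line in lines:
        ev = parse_syslog(line)
        if ev is None:
            result["malformed"] += 1  # garbage on the UDP port is counted, not fatal
            continue
        store.insert(ev)
        result["stored"] += 1
        reason = trigger_reason(ev)
        if reason:
            result["triggered"].append((ev.host, reason))
        result["tcp_stream"] += frame_for_tcp(line)
    return result


# Constructed sample datagrams (not captured traffic).
SAMPLE_LINES = [
    "<34>Sep 12 12:33:55 fw01 kernel: DROP src=10.0.0.5 dst=10.0.0.1",  # auth.crit
    "<86>Sep 12 12:34:01 web01 sshd[2131]: Failed password for root from 203.0.113.7 port 4422 ssh2",
    "<13>Sep 12 12:34:02 web01 app: user login ok",  # user.notice, no trigger
    "this is not syslog",  # malformed
]

if __name__ == "__main__":
    r = process(SAMPLE_LINES)
    print(r["stored"], "stored,", r["malformed"], "malformed, triggered:", r["triggered"])
    print(unframe(r["tcp_stream"]))
```

Two points worth noting for a real receiver: anything that is not parseable should still be kept (raw, flagged) rather than dropped, since a malformed line may itself be the interesting event, and the UDP side should be bound with a bounded buffer and rate limit because anyone who can reach the port can fill the database.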