Parsing Syslog and Acting on it, using other input too
- Subject: Parsing Syslog and Acting on it, using other input too
- From: sam at circlenet.us (Sam Moats)
- Date: Thu, 29 Aug 2013 09:25:46 -0400
- In-reply-to: <CAGpNY1FAkwy6kpnxrMZXNS69=36BBdhxdrsehGWXVg7k3-ycSg@mail.gmail.com>
- References: <CALb2afPc4RRZ8XP57iwcPQbz6ARFsdvb2FgzUHRHoP+viD8zhQ@mail.gmail.com> <CAGpNY1FAkwy6kpnxrMZXNS69=36BBdhxdrsehGWXVg7k3-ycSg@mail.gmail.com>
My view on Splunk,
+1 if you intend to have a human act on the reports; it does an
excellent job of reducing huge amounts of audit data into the valuable
bits.
-1 Seemed to be a PITA to integrate with my scripting environment. I
ended up kludging wget, awk and telnet together in a totally undignified
way to make it reach out and act on something.
+2 Customizable ingestion/parsing. I'm feeding everything from Linux
audit data to weird proprietary serial output from a multiplexer into
it.
-1 Proprietary database. I would have liked to see an SQL plugin for
data storage; I would like the data in MySQL/Oracle so that I can use
other tools on it easily, but no joy from Splunk.
+1 Free demo. You can download an eval version that is rate limited and
cripples itself after a fixed time.
-1 because the license costs are a bit high if you're moving lots of data
through it.
Sam Moats
On 2013-08-29 09:10, Jason Biel wrote:
> You should look into SPLUNK (http://www.splunk.com/), it will
> collect/store your syslog data and you can run customized reports and
> then act on them.
>
>
> On Thu, Aug 29, 2013 at 8:03 AM, Kasper Adel <karim.adel at gmail.com>
> wrote:
>
>> Hello.
>>
>> I am looking for a way to do proactive monitoring of my network; what I
>> am specifically thinking about is receiving syslog msgs from the routers,
>> and the backend engine would correlate certain msgs with output/data that
>> I am receiving through SSH/telnet sessions. What I am after is not
>> exposed to SNMP, so I need to do it on my own.
>>
>> I am sure there are many tools that can do parsing of syslog and acting
>> upon it, but I wonder if there is something more flexible out there that
>> I can just re-use to do the above? Please point me to known public or
>> home-grown scripts in use to achieve this.
>>
>> Regards,
>>
>> Sam
>>
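The correlation engine Kasper describes (parse router syslog, cross-check the interesting messages against data pulled from an SSH/telnet session, then decide what to act on) fits in a short script. The following is an added example, not code from anyone in the thread; it assumes syslog lines carrying an RFC 3164 header (timestamp and hostname, as a relay such as rsyslog writes them) with IOS-style `%FACILITY-SEVERITY-MNEMONIC:` bodies, and `show ip interface brief` output captured from one router. All sample lines and the interface table are constructed for illustration; in a real deployment the lines come off a UDP/514 socket and the show output from your SSH library, and the verdicts would be wired to a pager or a ticketing call.

```python
import re
from collections import defaultdict

SEVERITY = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# RFC 3164 header as a relay writes it (assumed format): <PRI>Mmm dd hh:mm:ss host body
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<body>.*)$"
)
# IOS-style body (assumed): optional sequence number, then %FACILITY-SEV-MNEMONIC: text
IOS_RE = re.compile(r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z0-9_]+): (?P<msg>.*)$")
IFACE_RE = re.compile(r"Interface (?P<iface>\S+), changed state to (?P<state>up|down)")


def parse_syslog(line):
    """Return a dict for one syslog line, or None if the line is not syslog at all."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                       # PRI = facility*8 + severity; facility 0-23, severity 0-7
        return None
    rec = {
        "facility": pri >> 3,
        "severity": pri & 7,
        "severity_name": SEVERITY[pri & 7],
        "host": m.group("host"),
        "fac": None, "mnemonic": None,
        "msg": m.group("body"),
    }
    ios = IOS_RE.search(m.group("body"))
    if ios:                             # vendor-style body: split out facility/mnemonic
        rec.update(fac=ios.group("fac"), mnemonic=ios.group("mnemonic"), msg=ios.group("msg"))
    return rec


def parse_show_ip_int_brief(text):
    """Turn 'show ip interface brief' output into {interface: (status, protocol)}."""
    table = {}
    for line in text.strip().splitlines()[1:]:      # skip the column header
        parts = line.split()
        if len(parts) < 6:
            continue
        # Status may be two words ("administratively down"); Protocol is always the last column
        table[parts[0]] = (" ".join(parts[4:-1]), parts[-1])
    return table


def correlate(syslog_lines, show_output, flap_threshold=3):
    """Count LINK down events per (host, interface), then decide using the live table.

    show_output is assumed to come from the same router that emitted the syslog lines.
    """
    live = parse_show_ip_int_brief(show_output)
    downs = defaultdict(int)
    for rec in filter(None, map(parse_syslog, syslog_lines)):
        if rec["fac"] != "LINK" or rec["mnemonic"] != "UPDOWN":
            continue                    # LINEPROTO-5-UPDOWN etc. would double count
        m = IFACE_RE.search(rec["msg"])
        if m and m.group("state") == "down":
            downs[(rec["host"], m.group("iface"))] += 1
    actions = []
    for (host, iface), n in sorted(downs.items()):
        status, proto = live.get(iface, ("unknown", "unknown"))
        if status == "administratively down":
            verdict = "ignore"          # planned shutdown, nothing to act on
        elif n >= flap_threshold:
            verdict = "page"            # flapping link, needs a human now
        elif proto == "down":
            verdict = "ticket"          # hard down, confirmed by the live table
        else:
            verdict = "ok"              # single transition, already recovered
        actions.append((host, iface, verdict, f"{n} down event(s), live state {status}/{proto}"))
    return actions


# Constructed sample input: PRI 187 = local7/err, 189 = local7/notice.
SAMPLE_SYSLOG = [
    "<187>Aug 29 09:00:01 rtr1 101: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<189>Aug 29 09:00:03 rtr1 102: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down",
    "<187>Aug 29 09:00:40 rtr1 103: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up",
    "<187>Aug 29 09:01:10 rtr1 104: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<187>Aug 29 09:01:50 rtr1 105: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up",
    "<187>Aug 29 09:02:30 rtr1 106: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<187>Aug 29 09:05:00 rtr1 107: %LINK-3-UPDOWN: Interface GigabitEthernet0/3, changed state to down",
    "<187>Aug 29 09:05:30 rtr1 108: %LINK-3-UPDOWN: Interface GigabitEthernet0/4, changed state to down",
    "<189>Aug 29 09:06:00 rtr1 109: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.9)",
    "this is not syslog",
]

# Constructed 'show ip interface brief' capture from rtr1, as it would arrive over SSH.
SAMPLE_SHOW = """
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/1     10.0.0.1        YES NVRAM  up                    up
GigabitEthernet0/2     unassigned      YES unset  up                    up
GigabitEthernet0/3     10.0.1.1        YES NVRAM  administratively down down
GigabitEthernet0/4     10.0.2.1        YES NVRAM  down                  down
"""

if __name__ == "__main__":
    for host, iface, verdict, why in correlate(SAMPLE_SYSLOG, SAMPLE_SHOW):
        print(f"{host} {iface}: {verdict} ({why})")
```

The point of the second input is the verdict column: the same `LINK-3-UPDOWN` message yields "ignore" for an interface the live table shows as administratively down, "ticket" for one that is confirmed hard down, and "page" for one that has bounced past the flap threshold, which is the distinction a syslog-only rule cannot make.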