|Subject:||centralized event logging? centralized syslog... dumping event log? splunk?|
|Posted by:||Unsettled (unsettl…@mbna.com)|
|Date:||Fri, 16 Feb 2007|
I've read through a few whitepapers from SANS about centralizing log
files. One way was to install a syslog agent and forward it to a
centralized syslog server. Another was to dump the event log to a file,
and download it to a central box.
Both those papers are not ancient, but also not very recent.
Has anyone used Splunk? I figure that would be a big time saver so I
don't have to create my own frontend.