Looks very cool, thanks!<br><br><div class="gmail_quote">On Tue, Mar 29, 2011 at 9:32 AM, Martin Holste <span dir="ltr"><<a href="mailto:mcholste@gmail.com">mcholste@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Good call, done.<br>
<div><div></div><div class="h5"><br>
On Tue, Mar 29, 2011 at 2:27 AM, Fekete Robert <<a href="mailto:frobert@balabit.hu">frobert@balabit.hu</a>> wrote:<br>
> Hi Martin,<br>
><br>
> just a quick tip: include a link to your blog post on the project page, the post<br>
> gives a nice overview of ELSA with some screenshots, which is what most people<br>
> will be looking for, but is missing from the project page.<br>
><br>
> Regards,<br>
><br>
> Robert<br>
><br>
> On 03/28/2011 10:26 PM, Martin Holste wrote:<br>
><br>
>> I just put up an entry on my blog (<a href="http://ossectools.blogspot.com" target="_blank">http://ossectools.blogspot.com</a>)<br>
>> describing the Enterprise Log Search and Archive Project<br>
>> (<a href="http://code.google.com/p/enterprise-log-search-and-archive" target="_blank">http://code.google.com/p/enterprise-log-search-and-archive</a>) I've been<br>
>> working on which uses Syslog-NG >= 3.1 and pattern-db at its core.<br>
>> There are a lot of other open-source log collection frameworks out<br>
>> there that are easier to install, such as Logzilla (php-syslog-ng),<br>
>> but if you're trying to log > 1k messages/sec (common in large orgs)<br>
>> and need something GPL licensed, installing ELSA will probably be<br>
>> worth your while. We're using it to index 15k messages/sec with basic<br>
>> hardware. It's currently storing tens of billions of logs, and<br>
>> full-text, ad-hoc queries complete in about 1/2 to 2 seconds,<br>
>> including group-by queries on arbitrary fields for reporting. I put a<br>
>> few screenshots and a feature list in the post.<br>
>><br>
>> The documentation is pretty basic right now, but I'm happy to assist<br>
>> if you run into issues.<br>
>><br>
>> ELSA is also open to plugin creation, so if you find ELSA useful and<br>
>> create plugins, please let me know and I can add them to the project.<br>
>><br>
>> Also, patterns for the pattern-db are more than welcome! I've<br>
>> included patterns for Cisco FWSM connections and denies, Snort logs,<br>
>> Windows logs from Eventlog-to-Syslog as well as Snare, and URLs from<br>
>> my httpry wrapper, which is available on the project site as well as<br>
>> in the tarball/source code.<br>
>><br>
>> Comments and feedback are welcome!<br>
>><br>
>> Thanks,<br>
>><br>
>> Martin<br>
>> ______________________________________________________________________________<br>
>> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
>> Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
>> FAQ: <a href="http://www.campin.net/syslog-ng/faq.html" target="_blank">http://www.campin.net/syslog-ng/faq.html</a><br>
>><br>
>><br>
><br>
</div></div></blockquote></div><br>