Looks very cool, thanks!

On Tue, Mar 29, 2011 at 9:32 AM, Martin Holste <mcholste@gmail.com> wrote:
Good call, done.
On Tue, Mar 29, 2011 at 2:27 AM, Fekete Robert <frobert@balabit.hu> wrote:
Hi Martin,
just a quick tip: include a link to your blog post on the project page, the post gives a nice overview of ELSA with some screenshots; which is what most people will be looking for, but is missing from the project page.
Regards,
Robert
On 03/28/2011 10:26 PM, Martin Holste wrote:
I just put up an entry on my blog (http://ossectools.blogspot.com) describing the Enterprise Log Search and Archive Project (http://code.google.com/p/enterprise-log-search-and-archive) I've been working on, which uses Syslog-NG >= 3.1 and pattern-db at its core. There are a lot of other open-source log collection frameworks out there that are easier to install, such as Logzilla (php-syslog-ng), but if you're trying to log > 1k messages/sec (common in large orgs) and need something GPL licensed, installing ELSA will probably be worth your while. We're using it to index 15k messages/sec with basic hardware. It's currently storing tens of billions of logs, and full-text, ad-hoc queries complete in about 1/2 to 2 seconds, including group-by queries on arbitrary fields for reporting. I put a few screenshots and a feature list in the post.
The documentation is pretty basic right now, but I'm happy to assist if you run into issues.
ELSA is also open to plugin creation, so if you find ELSA useful and create plugins, please let me know and I can add them to the project.
Also, patterns for the pattern-db are more than welcome! I've included patterns for Cisco FWSM connections and denies, Snort logs, Windows logs from Eventlog-to-Syslog as well as Snare, and URLs from my httpry wrapper, which is available on the project site as well as in the tarball/source code.
Comments and feedback are welcome!
Thanks,
Martin
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html