[syslog-ng] Blog post on ELSA

Lance Laursen lance at demonware.net
Thu Mar 31 06:16:26 CEST 2011


Looks very cool, thanks!

On Tue, Mar 29, 2011 at 9:32 AM, Martin Holste <mcholste at gmail.com> wrote:

> Good call, done.
>
> On Tue, Mar 29, 2011 at 2:27 AM, Fekete Robert <frobert at balabit.hu> wrote:
> > Hi Martin,
> >
> > just a quick tip: include a link to your blog post on the project page, the post
> > gives a nice overview of ELSA with some screenshots; which is what most people
> > will be looking for, but is missing from the project page.
> >
> > Regards,
> >
> > Robert
> >
> > On 03/28/2011 10:26 PM, Martin Holste wrote:
> >
> >> I just put up an entry on my blog (http://ossectools.blogspot.com)
> >> describing the Enterprise Log Search and Archive Project
> >> (http://code.google.com/p/enterprise-log-search-and-archive) I've been
> >> working on which uses Syslog-NG >= 3.1 and pattern-db at its core.
> >> There are a lot of other open-source log collection frameworks out
> >> there that are easier to install, such as Logzilla (php-syslog-ng),
> >> but if you're trying to log > 1k messages/sec (common in large orgs)
> >> and need something GPL licensed, installing ELSA will probably be
> >> worth your while.  We're using it to index 15k messages/sec with basic
> >> hardware.  It's currently storing tens of billions of logs, and
> >> full-text, ad-hoc queries complete in about 1/2 to 2 seconds,
> >> including group-by queries on arbitrary fields for reporting.  I put a
> >> few screenshots and a feature list in the post.
> >>
> >> The documentation is pretty basic right now, but I'm happy to assist
> >> if you run into issues.
> >>
> >> ELSA is also open to plugin creation, so if you find ELSA useful and
> >> create plugins, please let me know and I can add them to the project.
> >>
> >> Also, patterns for the pattern-db are more than welcome!  I've
> >> included patterns for Cisco FWSM connections and denies, Snort logs,
> >> Windows logs from Eventlog-to-Syslog as well as Snare, and URLs from
> >> my httpry wrapper, which is available on the project site as well as
> >> in the tarball/source code.
> >>
> >> Comments and feedback are welcome!
> >>
> >> Thanks,
> >>
> >> Martin
> >>
> >> ______________________________________________________________________________
> >> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> >> FAQ: http://www.campin.net/syslog-ng/faq.html