This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Looking for an recommendation: Logfile management / SIEM

Hi all,

to make it short: Im looking for a alternative solution to splunk. From time to time we have to create rulesets, based on captured traffic. As a result we often have huge logfiles and need to analyse them or to have to create a ruleset from them. We have textfiles up to 3GB and excel and access are not working with these filesizes. Normally Excel would be sufficient for me, if it could handle alle the data....

Are there any (simple) products (preferable opensource) that can be used to import and analyse textfiles? It would also be good, if the tool could simplyfy the data (remove duplicates etc) and create sth. like a connection overview with custom selects.

Best Regards

Sebastian

This thread was automatically locked due to age.

Parents

0 darrellr over 8 years ago

Elk/Elastic search - https://www.elastic.co/webinars/introduction-elk-stack

ELSA - https://github.com/mcholste/elsa

Firewall Analyzer - https://www.manageengine.com/products/firewall/

All depends on exactly what you want. I use Splunk myself, but it can get rather expensive. You could log to syslog-ng first, then parse out important messages and have those sent to Splunk to save on license usage.
Cancel
Vote Up 0 Vote Down

Cancel
0 seroal over 8 years ago in reply to darrellr

Hi darrellr,

basically I want to create a (simplyfied) connection overview, to be able to see what connection are there and then finally to decide from out of these connections, which should be part of a ruleset. But of course I don´t need to see the same type of connection, for example, client request to dns server.

It should also be possible to filter for specific data, like specific destination port and ip address etc etc...

I have splunk running now for in a test version.... I will make some test, how it works.

Thank you.
Cancel
Vote Up 0 Vote Down

Cancel
0 Louis-M over 8 years ago in reply to seroal

Try Graylog
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Louis-M over 8 years ago in reply to seroal

Try Graylog
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data