[c-nsp] Providing 3rd party access to logs (syslog)

John T. Yocum john at fluidhosting.com
Thu Aug 16 03:38:53 EDT 2007


I'm not sure if Splunk supports multiple user levels, or access 
restrictions, but it is a log storage system which provides searching, etc.

--John

Dale Shaw wrote:
> Hi all,
> 
> This may be a bit off topic, but I figure the cisco-nsp brains trust
> will have "been there, done that" already.
> 
> Has anyone had a requirement to provide 3rd parties with access to log
> files? I have a requirement to provide access to firewall log files
> (syslogged) to a security group within an enterprise.
> 
> Logs held on the logging server will be sorted into a directory
> hierarchy based on the logging device's name, year, date, day and then
> severity (or something similar). They will likely be compressed.
> 
> I figure this could be as simple as setting up a web server on the log
> server and enabling directory listings / browsing on the virtual
> directories.
> 
> Has anyone come across a "nicer" solution? Perhaps something that
> provides (for example) search capabilities and results filtering, and
> real-time log watching (à la "tail") through a web interface?
> 
> The log server OS has not been decided yet. It's likely to be Linux or
> Windows Server.
> 
> cheers,
> Dale
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


