[c-nsp] Syslog Solutions

Jeremy Bresley brez at brezworks.com
Fri Sep 4 22:55:40 EDT 2009


Two products to look at from the commercial realm would be Splunk ( 
http://www.splunk.com/ ) and Cisco CS-MARS ( 
http://www.cisco.com/en/US/products/ps6241/index.html )

Splunk doesn't directly take SNMP traps, but you can use snmptrapd to 
write the events to a file and have splunk index it.

MARS does take Syslog, SNMP traps, Netflow data, various IDS/IPS alerts 
and various other inputs ( 
http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/compatibility/local_controller/dtlc60x.html 
for the list of supported devices.  Pretty much any Cisco product, 
Extreme routers, Juniper Netscreen/Checkpoint firewalls, etc)

MARS is sized based on either events/sec or Netflows per minute.  For a 
busy network, they can scale horizontally by using a Global Controller 
with multiple aggregators.

Good luck.

Jeremy

Brian Spade wrote:
> Hi,
>
> Can people recommend a useful solution for syslog, SNMP traps and event
> correlation?  I'm not even sure where to start.  I know about syslog-ng but
> am looking for a syslog/snmp trap collector with future capabilities of
> event correlation.  The event correlation would be able to accept any data
> source / device via SNMP or syslog.
>
> Commercial or open-source is fine with the latter being more preferable.
>
> Thanks!
> /bs
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>   
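The snmptrapd-to-file step Jeremy describes (snmptrapd hands each trap to a handler script, the script appends one line to a file, Splunk monitors that file) as an added worked example; this is not code from the original thread, from Net-SNMP or from Splunk. The handler path, log file path, community string, index and sourcetype names are assumptions, and the trap in the usage comments is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): a snmptrapd "traphandle" script
# that flattens one incoming trap into a single key="value" line so that Splunk
# can index the file with an ordinary file monitor. All paths and names below
# are assumptions for illustration.
#
# Assumed /etc/snmp/snmptrapd.conf:
#   authCommunity log,execute public
#   traphandle default /usr/local/bin/trap2log.sh /var/log/snmptraps/traps.log
#
# Assumed Splunk inputs.conf on the forwarder or indexer:
#   [monitor:///var/log/snmptraps/traps.log]
#   sourcetype = snmp:trap
#   index = network
#
# snmptrapd writes the trap to the handler's stdin in this shape:
#   line 1      sender hostname (or address if unresolvable)
#   line 2      transport address, e.g. "UDP: [192.0.2.10]:162->[192.0.2.1]:162"
#   line 3..N   one "OID VALUE" pair per line

# format_trap LOGFILE [TIMESTAMP]
# Reads one trap from stdin, appends the flattened line to LOGFILE and also
# prints it. TIMESTAMP is optional and exists so the output is reproducible;
# without it the current UTC time is used.
format_trap() {
    logfile="$1"
    ts="${2:-$(date -u +%Y-%m-%dT%H:%M:%SZ)}"

    IFS= read -r host || return 1
    IFS= read -r addr || return 1
    line="$ts host=\"$host\" addr=\"$addr\""

    # Everything after the address line is attacker-influenced text (anyone who
    # knows the v1/v2c community can send a trap), so it is only ever quoted,
    # never evaluated. Double quotes are escaped to keep the KV pairs intact.
    while read -r oid value; do
        [ -n "$oid" ] || continue
        value=$(printf '%s' "$value" | sed 's/"/\\"/g')
        line="$line $oid=\"$value\""
    done

    printf '%s\n' "$line" >> "$logfile"
    printf '%s\n' "$line"
}

# When snmptrapd runs this script, the log file path arrives as the first
# argument (see the traphandle line above). Without an argument the script only
# defines the function, so it can be sourced or tested.
if [ "$#" -ge 1 ]; then
    format_trap "$1"
fi

# Constructed usage, as snmptrapd would feed a linkDown trap:
#   printf 'core1.example.net\nUDP: [192.0.2.10]:162->[192.0.2.1]:162\n\
#   SNMPv2-MIB::snmpTrapOID.0 IF-MIB::linkDown\nIF-MIB::ifIndex.3 3\n' \
#     | /usr/local/bin/trap2log.sh /var/log/snmptraps/traps.log
```

Two practical caveats: snmptrapd forks the handler once per trap, so a trap flood becomes a process flood on the collector, and the file only grows, so rotate it with logrotate or the Splunk monitor will happily index a single enormous file. Keeping the timestamp first and the fields as key="value" pairs lets Splunk extract them without a custom props.conf.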


