[c-nsp] Syslog Solutions
Jeremy Bresley
brez at brezworks.com
Fri Sep 4 22:55:40 EDT 2009
Two products to look at from the commercial realm would be Splunk
( http://www.splunk.com/ ) and Cisco CS-MARS
( http://www.cisco.com/en/US/products/ps6241/index.html ).
Splunk doesn't directly take SNMP traps, but you can use snmptrapd to
write the events to a file and have Splunk index it.
MARS does take Syslog, SNMP traps, Netflow data, various IDS/IPS alerts
and various other inputs (see
http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/compatibility/local_controller/dtlc60x.html
for the list of supported devices: pretty much any Cisco product,
Extreme routers, Juniper Netscreen/Checkpoint firewalls, etc.).
MARS is sized based on either events/sec or Netflows per minute. For a
busy network, they can scale horizontally by using a Global Controller
with multiple aggregators.
Good luck.
Jeremy
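The snmptrapd-to-file path Jeremy describes can be done with a trap-handle script, as in this added example (editor's illustration, not part of Jeremy's post or of any Splunk/Net-SNMP shipped code). snmptrapd hands a trap to a `traphandle` program on stdin as the hostname, the transport address, and then one `OID value` pair per line; the script below flattens that into a single timestamped key=value line that Splunk indexes as one event. The script path, log path, sourcetype and the sample trap are all assumptions made for the example.

```shell
#!/bin/sh
# trap2splunk.sh (hypothetical name) - snmptrapd trap handler that appends
# one key=value line per trap to a file for Splunk to monitor.
#
# Assumed snmptrapd.conf (needs the community to be allowed to execute
# handlers; adjust to your SNMPv3 users if you use them):
#   authCommunity log,execute public
#   traphandle default /usr/local/bin/trap2splunk.sh --handle
#
# Assumed Splunk inputs.conf stanza on the collector:
#   [monitor:///var/log/snmptraps.log]
#   sourcetype = snmptrap
#
# Security note: anything that can reach UDP/162 controls every byte on
# stdin, so the values are only ever quoted and written, never eval'd or
# placed on a command line.

TRAPLOG="${TRAPLOG:-/var/log/snmptraps.log}"

# format_trap [timestamp]: read one trap from stdin, print one event line.
# The timestamp argument exists so the output is reproducible in tests;
# snmptrapd itself never passes one, so the current UTC time is used.
format_trap() {
    ts="${1:-$(date -u +%Y-%m-%dT%H:%M:%SZ)}"
    read -r host || return 1
    read -r transport || return 1
    # Transport looks like "UDP: [192.0.2.1]:161->[192.0.2.10]:162" on
    # Net-SNMP 5.x; older builds print a bare address, hence the fallback.
    src=$(printf '%s\n' "$transport" | sed -n 's/^[A-Za-z0-9]*: \[\([^]]*\)\].*/\1/p')
    [ -n "$src" ] || src="$transport"
    printf '%s host=%s src=%s' "$ts" "$host" "$src"
    # Remaining lines are "OID value". Splunk's automatic key=value field
    # extraction wants names made of letters, digits and underscores, so
    # the OID is sanitised into a legal field name and the value is quoted.
    while read -r oid value; do
        [ -n "$oid" ] || continue
        key=$(printf '%s' "$oid" | sed 's/[^A-Za-z0-9_]/_/g')
        case "$key" in
            [0-9]*|_*) key="oid$key" ;;   # numeric OIDs would start with _ or a digit
        esac
        value=$(printf '%s' "$value" | sed 's/"/\\"/g')
        printf ' %s="%s"' "$key" "$value"
    done
    printf '\n'
}

# Only act as a handler when snmptrapd invokes us with --handle; sourcing
# the file (or running it without arguments) just defines format_trap.
if [ "${1:-}" = "--handle" ]; then
    format_trap >>"$TRAPLOG"
fi
```

One line per trap is the point: the `traphandle` invocation's raw stdin spans several lines, and leaving it that way makes Splunk guess event boundaries. Running `snmptrapd -Oq` (or setting `outputOption q` in snmptrapd.conf) keeps the varbind lines in the plain `OID value` form the loop expects, and the same handler can feed any other indexer that reads a file. Note that traps sent with a community not listed in `authCommunity`, or to an snmptrapd without that line at all, are silently dropped rather than handed to the script.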
Brian Spade wrote:
> Hi,
>
> Can people recommend a useful solution for syslog, SNMP traps and event
> correlation? I'm not even sure where to start. I know about syslog-ng but
> am looking for a syslog/snmp trap collector with future capabilities of
> event correlation. The event correlation would be able to accept any data
> source / device via SNMP or syslog.
>
> Commercial or open-source is fine with the latter being more preferable.
>
> Thanks!
> /bs
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>