Hey all, I was hoping I could get some suggestions on software for a virtualized central logging server. I've been considering trying out Security Onion, and just ignoring all the packet sniffing and NIDS functionality for now, only utilizing Logstash and the elastic stack components for log collection/storage/analysis, but it seems like it would take quite a bit of self-teaching (and then teaching others) to learn the system, as well as a more complicated setup. An easier to use, but less free (~$295) solution I was looking at is Kiwi Syslog Server from Solarwinds. Has anyone tried either of these solutions, or does anyone have an alternative that they're using? Thanks
Linux server with rsyslogd with logrotate
Easy to set up; can use hostnames and/or IP addresses. Able to split log files down by the host the log is coming from, and fairly easy to figure out which file to look in, with logrotate flipping the logs at midnight.
There are many solutions out there; you just have to define the features you want before you start looking. For instance, we use logs for forensic reasons, so we don't have to monitor or inspect them too often, but if you want analysis functions to show information not otherwise captured, then you will need to look for a more capable piece of code to dive into the files and provide the information you want (read: pay for it).
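The rsyslog plus logrotate layout this reply describes (one file tree per sending host, daily rotation), written out as an added example that is not from the thread; the paths, port, retention count and the `secpath-replace` guard against a sender-supplied hostname escaping the log directory are my assumptions, not anything the poster stated:

```conf
# /etc/rsyslog.d/10-remote.conf  (added example; paths and port are assumptions)
module(load="imudp")
module(load="imtcp")

# One directory per sending host, one file per program name.
# secpath-replace rewrites "/" and ".." in the remote-supplied HOSTNAME and
# PROGRAMNAME, so a spoofed hostname cannot write outside /var/log/remote.
template(name="PerHostFile" type="string"
         string="/var/log/remote/%HOSTNAME:::secpath-replace%/%PROGRAMNAME:::secpath-replace%.log")

# Remote messages get their own ruleset so they never mix with local /var/log files.
ruleset(name="remote") {
    action(type="omfile" dynaFile="PerHostFile"
           dirCreateMode="0750" fileCreateMode="0640")
    stop
}

input(type="imudp" port="514" ruleset="remote")
input(type="imtcp" port="514" ruleset="remote")

# /etc/logrotate.d/remote-syslog  (added example; retention of 90 days is an assumption)
# "daily" rotates when the logrotate cron job or systemd timer runs; the stock
# logrotate.timer fires at midnight, which gives the per-day files the reply mentions.
/var/log/remote/*/*.log {
    daily
    rotate 90
    missingok
    notifempty
    compress
    delaycompress
    dateext
    create 0640 root adm
    sharedscripts
    postrotate
        # tell rsyslog to reopen its output files after they were renamed
        /bin/kill -HUP "$(cat /var/run/rsyslogd.pid 2>/dev/null)" 2>/dev/null || true
    endscript
}
```

After adding the rsyslog file, run `rsyslogd -N1` to syntax-check the configuration and `logrotate -d /etc/logrotate.d/remote-syslog` to dry-run the rotation before restarting the service.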