Splunk is very good stuff:
http://www.splunk.com/
For bootstrapping your log analysis, it's a great tool.
If that doesn't fit, have a look at the loganalysis list archive to see
if something looks better:
http://lists.shmoo.com/pipermail/loganalysis/
HTH,
C.G.
On 3/6/07, Bryan O'Neal <BONeal@cornerstonehome.com> wrote:
>
> My network devices provide a wealth of data, but this data is very
> short-lived on the device. I used kiwi sysloger on my Windows box, but was not
> overly happy with it. Can anyone recommend a good syslog viewer?
>
> Also, I am looking to keep better track of what is going on on my network.
> My switches allow me to port mirror to a box, but I am not sure of the best way
> to collect and analyze data. I am mostly interested in bandwidth usage and
> simple breakdowns of the kind of data (web, SMB, Windows file sharing,
> email, Gnutella clients, etc.), not only for bandwidth control but also to
> track down rogue devices on my network. I am also interested in tracking
> what web pages my users visit (this company is squeaky clean, but there has
> been talk of banning more than MySpace, and I want the data I need to keep
> our network as free as possible for our users).
>
> Any suggestions?
> ---------------------------------------------------
> PLUG-discuss mailing list -
> PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
--
powerofprimes@gmail.com
Carlos Macedo Gomes
_sic itur ad astra_