1 Oct
2011
1 Oct
'11
12:39 a.m.
On Fri, Sep 30, 2011 at 2:44 PM, Ukpong Ukpong <ukpong.ukpong@gmail.com> wrote:
Have you tried qradar? It's rather good
I've used Splunk and QRadar; both are available as free VMware appliances with limitations on log volume, sufficient for testing. Or if you're mostly looking at webserver/proxy/firewall logs, Sawmill is worth checking out. I've also been looking into using Lancope's replicator to take in syslog UDP and send copies to multiple loggers, since some appliances only support a single syslog destination. Kevin