|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Enterprise syslog management and alert generation.
On Tue, 7 Dec 2004, Alexei Roudnev wrote: The X over time is a new one, it's been mentioned a couple times today, and I can certainly account for it. I've added it to my rapidly growing list.In such products, only 20% value is in engine; 80% are in rules, because I can not wrire rules myself - I have not event until it happen, and I can not filetr out noice until it happen. We use a few syslog analyzers (using syslog-ng as a transport), some with simple logcheck, other with database for rules and hosts; and every time problem is the same - writing rules is 90% of the problem. But... do you have rules, such as fort example _send alert if any system began to generate 10 times logs / hour more vs. average? Or saying _single PCI ERROR on Solaris - ignore, 10 in a straight line - send warning... - billn
|