[prev in list] [next in list] [prev in thread] [next in thread] 

List:       syslog-ng
Subject:    [syslog-ng] Monitoring log traffic
From:       László Pál <vlad () vlad ! hu>
Date:       2019-10-18 14:28:29
Message-ID: 983666E9-E6AE-4198-A003-7298485A0962 () vlad ! hu
[Download RAW message or body]

Hi,

My shiny new log infrastructure is almost complete, however I still have some \
maintenance kind of work to be done, so I asked myself, why not ask community? :)

So, it is basically just a server to store logs from various places as usual, however \
I would like to implement some anomaly detection. I mean, if some logs sources are \
sending significantly less or more logs a day. Do you think there is an easy solution \
for this? 

If needed, I have also a Graylog instance to index logs, so I'm already thinking to \
implement some kind of alerting there, however obviously I'm not sending everything \
to Graylog, just what users need to search, so I'm thinking about something I can put \
on the syslog-ng server and relays to detect anomalies.

Any thoughts?

Thanks
Laszlo

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq


[prev in list] [next in list] [prev in thread] [next in thread]