New draft standards
Steve Grubb
sgrubb at redhat.com
Tue Dec 15 13:46:38 UTC 2015
On Tuesday, December 15, 2015 09:12:54 AM Burn Alting wrote:
> I use a proprietary ELK-like system based on ausearch's -i option. I would
> like to see some variant outputs from ausearch that "packages" events into
> parse-friendly formats (json, xml) that also incorporates the local
> transformations Steve proposes. I believe this would be the most generic
> solution to support centralised log management.
>
> I am travelling now, but can write up a specification for review next week.
Yes, please do send something to the mail list for people to look at and
comment on.
If anyone wants to help influence future direction and does not want to do it
on the list, please contact me offlist and let me know how you aggregate logs.
We have to address central log aggregation and I would like to see what the
majority are using to know where effort would be best spent.
I did run across this page in my survey:
http://buildoop.github.io/
It mentions audit log processing. No idea if anyone is using this either.
-Steve
> On 15 Dec 2015 4:13 am, <Kevin.Dienst at usbank.com> wrote:
> > ELK
> > Splunk
> >
> > We use a proprietary vendor product that migrates data into an HDFS store
>
> via RabbitMQ based collectors and dumps them in raw form. From there I have
> access to all the usual "big data" tools albeit I'm not using Flume just
> yet, we're still trying to get a handle on operationalizing all the various
> big data component so that data science developers can focus on development
> instead of operations and support of the hardware/software ecosystem.
More information about the Linux-audit
mailing list