jirib

Asked: 2012-02-21 01:19:24 +0800 CST2012-02-21 01:19:24 +0800 CST 2012-02-21 01:19:24 +0800 CST

Opensource log correlation application - an alternative to SEC?

is there a opensource log correlation application? I know only SEC[1]. The best would be if the application could work in clustered setup and would understand even structured logs, not only free-text logs (like those from syslog).

[1] http://simple-evcorr.sourceforge.net/

1 Answers

Voted

b0ti
2012-02-22T12:16:46+08:002012-02-22T12:16:46+08:00
While SEC (actually perl) is quite powerful, I also found these limitations that it can only operate on a free-text logs and for time-based correlation it does not use the actual time of the event but only the time when SEC received it.

There is correlation in nxlog (disclaimer: I'm affiliated) with support for structured logs. Syslog-ng can do some correlation also.
0

Opensource log correlation application - an alternative to SEC?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?