

Logstash ready for use (log/event collection, searching, graphing) - jordansissel
http://code.google.com/p/logstash/

======
bobf
Jordan is quickly becoming a log guru amongst mortals. Keep an eye on
logstash! I'm definitely looking forward to an alternative to Splunk, which is
great -- but incredibly expensive at large scale.

~~~
iuguy
I'm thinking with saved and regularly run queries and reports this could take
on loglogic or even low end arcsight cases.

------
philfreo
Any startups have experience with Splunk? Seems like it might not be too
expensive if you're not massive, and some of their demos are impressive.

<http://www.splunk.com/>

~~~
bobf
I use Splunk, and am a big fan of everything except the cost. It works well,
but it gets very expensive, very quickly when you grow beyond the 500MB/day
free limit. I'm basically only collecting very limited usage log type
information, because of that limit.

~~~
kaerast
It's not just the size limit that's a problem in Splunk, the user accounting
is only in the paid version - the free version is completely open for anybody
to browse and it's up to you to secure it.

~~~
bobf
Granular access controls are nice under certain scenarios, but adding a basic
ACL isn't hard. "Can use Splunk" and "Can't use Splunk" is enough control for
me at the moment, fortunately.

------
iuguy
This looks like a very interesting project. Does anyone know if it supports
saved queries?

~~~
jordansissel
logstash doesn't currently support saved queries (if you mean letting you save
queries you like for later, easy recall), but I'm open to all feature
suggestions.

File a request, or email the list:

- <http://code.google.com/p/logstash/issues/list>
- logstash-users@googlegroups.com

I'll know what to work on (besides my own priorities) based on
requests/feedback :)

~~~
iuguy
I'm not going to have any time for the next few weeks to try it out but I'm
_really interested_ in using this as an open source alternative to logrhythm
or arcsight for forensics, incident response and intrusion detection.

Believe me, if you can pull this off you will have a massively disruptive tool
on your hands.

------
wladimir
Interesting. Finally someone implements an efficient, common-sense approach to
log searching/querying. I'll give it a try and, who knows, I can finally stop
using the dinosaur-age 'less' command :)

