Blog - Everything within Reason

Entries in logfiles (2)

Monday

Mar282011

Adding Custom Logfile to OS X (Server) Log Rotation

Monday, March 28, 2011 at 14:41

The earlier posts on my logging experiences didn't include the logrotation solution I used on my OS X Server.

When you create a new logfile (and have syslog fill that file up), you're gonna run into a lack of space sooner or later. This happens because the syslog server keeps writing data to that file, and the system doesn't 'recognize' (read: isn't configured) the file for logrotation. So, you need to tell the logrotation process to include the new logfile (and what to do with it).

Click to read more ...

Willem |

1 Comment |

tagged

OS X,

Rotation,

SRX,

juniper,

logfiles in

Apple,

Tips'n Tricks

Tuesday

Jul132010

Splunk> Making Sense of Logfiles

Tuesday, July 13, 2010 at 12:43

My area of expertise in the professional world is Network Security. This includes protecting network from intrusions, but also delivering reports about the network status. For the latter we use SIEM(like) environments like the Cisco CS-MARS and the Juniper STRM.
The 'problem' with these devices is that they are great in reporting incidents and creating awesome reports about everything, but they lack the functionality to do some serious investigating.

I have several customers with a SIEM, and most of them still use (Linux) commandline tools like awk, grep, etc. these tools work, but you need to scrape everything together yourself, and building queries can be quite challenging. This is where Splunk> comes in.

Click to read more ...

Willem |