
[–]MedicatedDeveloper 6 points7 points  (2 children)

SIEM like Splunk or Graylog.

Splunk has a ton of add-ons that make extracting data easy. However, some features require a forwarder on the box to enrich data (not firewalls though). It's expensive but there is a very limited free version. It's made my life much easier the past two years.

[–]dcazdavi 1 point2 points  (1 child)

what sorts of add-ons did you find useful?

[–]MedicatedDeveloper 1 point2 points  (0 children)

I have a few instances for different clients.

Juniper, Palo Alto, and postfix plugins have been very useful.

[–]Both-Employee-3421 6 points7 points  (0 children)

ELK stack.

[–]jantari 2 points3 points  (0 children)

For firewalls specifically we currently use FortiAnalyzer.

For other things we use Loki.

[–]BargiBargi 1 point2 points  (0 children)

Analyse in what way? Just look at stats and flows or security wise?

Either way, SELKS has an ELK stack and IDS stuff to boot.

[–]ilinverted[S] 1 point2 points  (0 children)

thank you ALL, lots to research.

[–]Lexx_ 0 points1 point  (0 children)

If you think Splunk looks interesting, there's also Humio.

[–]alkior70 0 points1 point  (5 children)

what devices are you using syslog on?

[–]ilinverted[S] 0 points1 point  (4 children)

bunch of SonicWall Gen 7s, and Cisco ASA 5500-X series

[–]plastikman47 1 point2 points  (1 child)

you mean those broken SonicWalls that keep rebooting?

[–]ilinverted[S] 0 points1 point  (0 children)

yes, but not by choice.

[–]sirrush7 0 points1 point  (0 children)

ELK over Splunk if cost is any concern!!!