Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Sergey2012-09-05 23:11:26
data mining
Sergey, 2012-09-05 23:11:26

How to process and analyze logs?

Good day
Modern applications generate a huge number of logs. A natural question arises: how to analyze such large volumes? grep on files, of course, saves in a number of tasks, but still I want some kind of smart search with the identification of correlations and any dependencies.
Share your experience (or a link to the experience of others), how do you solve this problem?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

6 answer(s)
Report
S
Shultc, 2012-09-05
@Shultc

It seems that there is something that can help you in this article:
habrahabr.ru/post/150657/
... or maybe not)

Report
I
Ilya_Drey, 2012-09-06
@Ilya_Drey

Perhaps for you it will be from the “gun to sparrows” series, but there is a separate class of systems - SIEM . Personally, I have worked with Cisco MARS equipment (currently end of sale, but still on sale) and RSA Envision.
The above-mentioned complexes have a branched architecture, with the possibility of placing local collectors (log collectors) on "removals".
Systems can not only send events when a particular message arrives, but also create incidents based on chains of events. They have pre-created sets of "parsers" for creating events, as well as templates for checking for compliance with security standards such as PSI DSS.

Report
C
ComodoHacker, 2012-09-06
@ComodoHacker

Splunk.

Report
P
Puma Thailand, 2012-09-06
@opium

Take any log analyzer, the same awstat or sawmill google
everything from half a kick.

Report
I
Ilya_Drey, 2012-09-06
@Ilya_Drey

Well, this is exactly what happens in SIEM systems, but there it is based on the parsers generated by the manufacturer + you can add it yourself, there are also correlation rules based on which an incident is formed if necessary.
But even when these systems are working, there are a lot of false positives, so you have to tune the system ...

Report
T
Timur Batyrshin, 2012-09-19
@erthad

* Flume
* Graylog2 *
LogStash * Kibana
, UI for LogStash
* Scribe
* Fluentd
* elasticsearch I can't give more advice.

Similar questions
O
Oblomingo2015-06-06 08:54:46
What is the most understandable book on Data Warehousing? 1Reply
A
andymitrich2015-06-17 15:56:53
How to normalize small predictor values? 2Reply
U
uol72017-09-26 13:18:14
What to choose as the topic of the thesis? 3Reply
E
Ernest Faizullin2017-12-03 18:37:01
How to extract all dialogues from the text of a book or from the text of a movie script? 1Reply
M
moem2018-01-11 20:40:25
How to extract the names of settlements, their coordinates and population from Wikipedia? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question