Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Sergey2012-09-05 23:11:26
data mining
Sergey, 2012-09-05 23:11:26

How to process and analyze logs?

Good day
Modern applications generate a huge number of logs. A natural question arises: how to analyze such large volumes? grep on files, of course, saves in a number of tasks, but still I want some kind of smart search with the identification of correlations and any dependencies.
Share your experience (or a link to the experience of others), how do you solve this problem?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

6 answer(s)
Report
S
Shultc, 2012-09-05
@Shultc

It seems that there is something that can help you in this article:
habrahabr.ru/post/150657/
... or maybe not)

Report
I
Ilya_Drey, 2012-09-06
@Ilya_Drey

Perhaps for you it will be from the “gun to sparrows” series, but there is a separate class of systems - SIEM . Personally, I have worked with Cisco MARS equipment (currently end of sale, but still on sale) and RSA Envision.
The above-mentioned complexes have a branched architecture, with the possibility of placing local collectors (log collectors) on "removals".
Systems can not only send events when a particular message arrives, but also create incidents based on chains of events. They have pre-created sets of "parsers" for creating events, as well as templates for checking for compliance with security standards such as PSI DSS.

Report
C
ComodoHacker, 2012-09-06
@ComodoHacker

Splunk.

Report
P
Puma Thailand, 2012-09-06
@opium

Take any log analyzer, the same awstat or sawmill google
everything from half a kick.

Report
I
Ilya_Drey, 2012-09-06
@Ilya_Drey

Well, this is exactly what happens in SIEM systems, but there it is based on the parsers generated by the manufacturer + you can add it yourself, there are also correlation rules based on which an incident is formed if necessary.
But even when these systems are working, there are a lot of false positives, so you have to tune the system ...

Report
T
Timur Batyrshin, 2012-09-19
@erthad

* Flume
* Graylog2 *
LogStash * Kibana
, UI for LogStash
* Scribe
* Fluentd
* elasticsearch I can't give more advice.

Similar questions
M
mediagenia2015-10-24 15:23:39
How would you collect data on Halloween restaurant visits? 2Reply
M
mariofag2012-07-02 12:03:27
Top like Alexa.com Top Websites but with more information? 2Reply
K
karenishe2012-07-09 16:01:13
What are OLAP systems for clustering data in a database? 4Reply
A
Artem Kanarev2012-08-30 11:00:41
Data Mining for Dummies 3Reply
X
xylololo2015-12-14 18:25:06
Unloading and sorting through Vkontakte id-shnikov? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question