[Oisf-users] Best options to manage http.log file

carlopmart carlopmart at gmail.com
Tue Nov 29 09:25:46 EST 2011


On Tue, 29 Nov 2011, Martin Holste wrote:

>> Thanks Paul and Martin. I am evaluating ELSA and Splunk at this moment.
>> But reading docs and install script for ELSA it seems too difficult to
>> maintain (I'm not worried about time spent on installation, but it is
>> important time needed to upgrade, to patch, etc).
>
> Thanks for giving it a look.  Splunk is a fine option.  ELSA's main
> advantages are speed and being free for any log volume, which is
> important if you start sending firewall, router, and server logs to
> it.  I will note that there is an update_from_svn.sh script included
> in ELSA that will automatically update local code from the repository,
> which is usually all that's needed to keep current.  I would say that
> Splunk upgrades require roughly the same amount of work.  In any case,
> I'm interested in any feedback you have on ELSA, especially if you
> run into any issues.
>

Thanks Martin. I will try to install an ELSA instance in a lab to do
some tests ...

---
CL Martinez
carlopmart {at} gmail {d0t} com

