[Oisf-users] Best options to manage http.log file

Martin Holste mcholste at gmail.com
Tue Nov 29 13:49:30 UTC 2011


> Thanks Paul and Martin. I am evaluating ELSA and Splunk at this moment.
> But reading docs and install script for ELSA it seems too difficult to
> maintain (I'm not worried about time spent on installation, but it is
> important time needed to upgrade, to patch, etc).

Thanks for giving it a look.  Splunk is a fine option.  ELSA's main
advantages are speed and being free for any log volume, which is
important if you start sending firewall, router, and server logs to
it.  I will note that there is an update_from_svn.sh script included
in ELSA that will automatically update local code from the repository,
which is usually all that's needed to keep current.  I would say that
Splunk upgrades require roughly the same amount of work.  In any case,
I'm interested in any feedback you have on ELSA, especially if you
run into any issues.


