Saturday, March 8, 2008

Splunk on Windows

I haven't posted in a while, so here's a catch-up. I just started playing with Splunk. Basically it allows you to capture all your events, logs, etc. into one search engine. I am pretty impressed so far. We have implemented the Windows version in a VM, and are using Snare on Windows servers as the agents to report Windows info into Splunk.

So far I have the server configured and running and agents running on the following:
  • 1 Windows File Server
  • Juniper Firewall
  • Dell 6024F Core Switch

One really cool thing in my book is that Splunk can act as a central syslog server, so all of us Windows people can start using this cool tool for device reporting and error monitoring in one central place.
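To make the data path concrete, here is a small stand-alone collector for the kind of traffic described above: Snare records from a Windows server and plain syslog from the firewall and switch, all landing on one UDP port. This is an added example and is not code from the post, from Splunk or from Snare; the two sample lines, the sender-to-hostname table and the port are constructed, the Snare column order is the tab-separated layout the Snare for Windows agent emits after its `MSWinEventLog` tag (treated here as an assumption), and the failed-logon check uses Windows event IDs 529 (2000/2003) and 4625 (2008 and later). In the real deployment Splunk's own UDP input plays this role; the point of the example is what arrives on the wire and what you can and cannot trust about it.

```python
"""Minimal UDP syslog collector that understands Snare for Windows records
and generic BSD-syslog lines from network gear. Added example; sample data
and the trusted-sender table are constructed, not captured."""
import re
import socket
from dataclasses import dataclass, field

# <PRI> header: facility * 8 + severity, max 191 (facility 23, severity 7)
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)
# BSD syslog header: "Mon dd hh:mm:ss host <rest>"; Snare may put a tab after host
BSD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+)[ \t](?P<rest>.*)$",
    re.DOTALL,
)

# Column order Snare for Windows uses after the "MSWinEventLog" tag (assumed layout).
SNARE_COLUMNS = [
    "criticality", "log_name", "counter", "submit_time", "event_id",
    "source_name", "user", "sid_type", "event_type", "computer",
    "category", "data", "expanded", "checksum",
]

# Constructed samples: a Snare failed-logon record and a firewall deny line.
SNARE_LINE = (
    "<13>Mar  8 10:15:01 FILESRV01 MSWinEventLog\t1\tSecurity\t4471\t"
    "Sat Mar 08 10:15:01 2008\t529\tSecurity\tjsmith\tUser\tFailure Audit\t"
    "FILESRV01\tLogon/Logoff\t\tLogon Failure: Reason: Unknown user name or bad "
    "password User Name: jsmith Domain: CORP Logon Type: 3 Workstation Name: WS17\t2861"
)
FW_LINE = (
    "<134>Mar  8 10:16:44 fw01 NetScreen device_id=fw01 "
    "[Root]system-notification-00257(traffic): action=Deny "
    "src=203.0.113.7:51234 dst=198.51.100.20:445"
)
# Constructed: which sender IP is allowed to claim which hostname.
TRUSTED_SOURCES = {"192.0.2.10": "FILESRV01", "192.0.2.1": "fw01"}
FAILED_LOGON_IDS = {"529", "4625"}


@dataclass
class Event:
    facility: int
    severity: int
    host: str
    kind: str                      # "mswineventlog" or "syslog"
    fields: dict = field(default_factory=dict)


def parse_line(raw: str) -> Event:
    """Split PRI and BSD header, then decode Snare columns if present."""
    m = PRI_RE.match(raw)
    if not m:
        raise ValueError("missing <PRI> header")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)
    hm = BSD_RE.match(m.group(2))
    if not hm:
        raise ValueError("missing BSD syslog header")
    rest = hm.group("rest")
    cols = rest.split("\t")
    if cols[0] == "MSWinEventLog":
        # zip() tolerates a short record; extra trailing columns are ignored
        return Event(facility, severity, hm.group("host"), "mswineventlog",
                     dict(zip(SNARE_COLUMNS, cols[1:])))
    return Event(facility, severity, hm.group("host"), "syslog", {"message": rest})


def origin_ok(event: Event, src_ip: str, trusted=TRUSTED_SOURCES) -> bool:
    """UDP syslog has no authentication or integrity: anyone who can reach the
    port can claim to be FILESRV01. Cross-check the hostname against the sender."""
    return trusted.get(src_ip) == event.host


def is_failed_logon(event: Event) -> bool:
    return event.kind == "mswineventlog" and event.fields.get("event_id") in FAILED_LOGON_IDS


def serve(bind: str = "0.0.0.0", port: int = 5514) -> None:
    """Blocking receiver. Port 514 needs admin/root; 5514 is used here so it runs unprivileged."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        while True:
            data, (src_ip, _) = sock.recvfrom(65535)
            try:
                ev = parse_line(data.decode("utf-8", "replace"))
            except ValueError as exc:
                print(f"drop from {src_ip}: {exc}")
                continue
            flags = ("" if origin_ok(ev, src_ip) else " SPOOF?") + \
                    (" FAILED-LOGON" if is_failed_logon(ev) else "")
            print(f"{src_ip} {ev.host} fac={ev.facility} sev={ev.severity}{flags}")


if __name__ == "__main__":
    serve()
```

Run it, then point a Snare agent or `logger` at UDP 5514 to watch records arrive. The two checks are the ones worth carrying over to the real collector: restrict which senders may reach the syslog port (a host firewall or a management VLAN), because a plain UDP datagram proves nothing about who sent it, and flag the security-relevant Windows events (failed logons here) on the way in rather than only searching for them afterwards.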

Last cool thing is that it is free up to 500MB of log data per day... I'm not coming close to that!