InfoWorld

ZERO DAY SECURITY
November 13, 2005

Think AWK and GREP sound funny? Try SPLUNK!

Okay, have security logs, will travel.

I was conducting a lightweight forensic investigation on a new client's LAMP box and didn't feel like using GREP or AWK to, well, GREP through SYSLOG data to follow the timeline of events that led to the aforementioned client machine compromise.

I was looking for an alternative to a heavyweight SEM but didn't want to use something powerful yet lightweight (and sometimes tedious) like GREP or AWK. Well, time to check out Splunk. It seems like a pretty cool log analysis tool even though it's still in beta. Check it out for yourself.

LAMP
GREP
AWK
SYSLOG
SEM

Aren't acronyms wonderful?
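The grep-and-awk pass the post describes, as an added example that is not part of the original post: a small POSIX shell script that pulls authentication events out of syslog-format lines and prints them as a timeline, so you can see when the first successful login happened and what followed it. The log lines, the host name `web1`, the process ids and the address `10.0.0.5` are constructed for the example; on a real box you would feed `/var/log/auth.log` or `/var/log/secure` instead of the embedded sample.

```bash
#!/bin/sh
# Constructed auth.log sample (not real data). Classic syslog timestamps carry
# no year, so the month/day/time is all the timeline has to go on.
SAMPLE_LOG='Nov 12 22:01:07 web1 sshd[2301]: Failed password for invalid user admin from 10.0.0.5 port 51122 ssh2
Nov 12 22:01:09 web1 sshd[2301]: Failed password for invalid user admin from 10.0.0.5 port 51122 ssh2
Nov 12 22:01:15 web1 sshd[2305]: Accepted password for www-data from 10.0.0.5 port 51130 ssh2
Nov 12 22:03:40 web1 sudo: www-data : TTY=pts/0 ; PWD=/var/www ; USER=root ; COMMAND=/bin/bash
Nov 12 22:04:02 web1 su: (to root) www-data on pts/0
Nov 12 22:30:11 web1 cron[411]: (root) CMD (run-parts /etc/cron.hourly)'

# timeline LOGTEXT PATTERN
# Keeps lines matching an extended regex and prints "timestamp | host | event".
# A syslog file is appended in arrival order, so file order is the timeline;
# rotated files must be concatenated oldest-first before piping them in.
timeline() {
    printf '%s\n' "$1" | grep -E "$2" | awk '{
        ts = $1 " " $2 " " $3
        host = $4
        $1 = $2 = $3 = $4 = ""      # drop the fields already consumed
        sub(/^ +/, "")               # strip the blanks awk leaves behind
        print ts " | " host " | " $0
    }'
}

# count_events LOGTEXT PATTERN: how many lines match (e.g. failed logins).
count_events() {
    printf '%s\n' "$1" | grep -Ec "$2"
}

# first_event LOGTEXT PATTERN: timestamp of the earliest matching line,
# which is usually the question a timeline is built to answer.
first_event() {
    printf '%s\n' "$1" | grep -E "$2" | head -n 1 | awk '{ print $1 " " $2 " " $3 }'
}

# Sample investigation run on the constructed log: the sshd/sudo/su story.
timeline "$SAMPLE_LOG" 'sshd|sudo|su:'
echo "failed logins:            $(count_events "$SAMPLE_LOG" 'Failed password')"
echo "first successful login:   $(first_event "$SAMPLE_LOG" 'Accepted password')"
echo "events from 10.0.0.5:     $(count_events "$SAMPLE_LOG" 'from 10\.0\.0\.5')"
```

Two things bite when you do this on a real host rather than the sample: syslog timestamps have no year, so a log that spans New Year sorts wrong if you ever resort to `sort` instead of file order, and an intruder with root (as in the sample's `su` line) may have edited the log after the fact, so the timeline is only as trustworthy as the log's integrity. That second point is the usual argument for shipping logs to a separate collector, which is roughly the niche the post is looking at Splunk for.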

Posted by Victor R. Garza on November 13, 2005 09:24 PM | TrackBack (0)