Having done a great deal of reading, as well as having implemented log management solutions in the past, I was intrigued when I met Splunk in February, namely their staff at a vendor booth at RSA Security 2007. It looked like a very clean and functional offering. For my recent requirements it wasn’t the product of choice, but with the release of version 3.0 I’m loving it.

The reason I’m enjoying it right now is the free license aspect. For individual use you can load up Splunk at no charge. I think this is a stroke of genius on their part, as this will go a long way toward building grass-roots acceptance. When you come up against products such as ArcSight, enVision and the like at 100K apiece and up (way up in some cases), it is refreshing to encounter this upstart. This might not be news to others out there, but if it is, I suggest taking it for a spin. It has an incredibly powerful search function and it is quick. Currently they support Linux, Solaris, FreeBSD, AIX and MacOSX. Later this year they intend to release a Windows client.
I have loaded this up on my Mac and I am already enjoying it. It is quick and very flexible. Also, it presents well with clean HTML. There is a high level of customization available. The reports dump out to HTML, so I thought I would try some XSS testing. I’m a bit of a novice with XSS, so I decided to head to the source. I tried out RSnake’s XSS cheat sheet against my local copy with Firefox 2.x and it held up. I will test it with other browsers on Monday when I’m back in the lab.
I would offer that, if you are at all curious about the log information on your box, you try this out. And if you like it, there is an enterprise version as well. (No, they are not paying me a dime to pimp their product. I just like it.)
[tags]Splunk, Log Data, Logging Solutions, Log Analysis, Centralized Logging[/tags]
Dave, for that you can use XSSDB… http://www.gnucitizen.org/xssdb It even has a built-in request builder, which comes in handy when you want to quickly try a number of vectors.
I guess you did not try the log analyzer products from LogLogic, EventLogAnalyzer (free version available), and Sawmill… good set of products for log management!
@AJ Actually, I have tried two of the products you mentioned. EventLogAnalyzer, however, I have not. I’ll look it up.
Thanks.
@pdp Thanks for the link! I was blissfully unaware of that one. I will give that a whirl. Much appreciated.
Cheers.