[CALUG] Next Meeting Reminder.
Sean Wilkerson
sean at seanandheather.com
Wed Oct 3 21:36:41 EDT 2007
Hey Folks,
I am looking forward to the talk next Wed., but wanted to make sure your
expectations were appropriately set.
Here is the Title and Desc of the talk as I just provided them to Chuck
for the calug site.
Title: Before you SIM
Desc: A look at central log collection DOs and DON'Ts. We will discuss
what really is a SIM, and whether or not you need one. Finally, we will
cover how to prepare for deploying a SIM (or some other log collection
service) including rolling your own central log collector.
The talk is less on cool linux aggregation tricks and more on what,
when, where, and why of central log collection (I don't just mean
syslog, btw).
Also, after having spent the last 3.5 years deploying and running
several SIMs for a Federal agency that collects ~25 million events a
day, I have learned a lot about what is out there commercially, as well
as some lessons about how to deploy a COTS solution and how to sense
trouble with the vendor.
So, methodology, a few tips, some strategy, working solutions, and quite
a few vendor horror stories.
If you are still interested, I look forward to seeing you next Wed.
Sean
Chuck Fullerton wrote:
> Greetings,
>
> This is just a reminder that our next meeting will be Next Wednesday October
> 10th.
>
> Our meeting we'll have Sean Wilkerson come back to talk to us about Log
> Aggregation in the Linux world.
>
> Please Join us at 7pm next Wednesday at Tenable's Offices.
>
>
>
> _______________________________________________
> CALUG mailing list
> CALUG at unknownlamer.org
> http://unknownlamer.org/cgi-bin/mailman/listinfo/calug
>
More information about the CALUG
mailing list