Alternative solution to replace aging swatch

Question

We are using swatch installation to sort through 3-5 gig worth of networking syslog and alert us on patterns , we are using splunk to index and search the data but splunk alerting capabilities are seriously lacking.

I wondering what are folks using for similar alerting requirements.

To avoid getting your question closed as a "shopping question", you should really flesh out your requirements and how splunk doesn't seem to be meeting them. From the FAQ : http://blog.stackoverflow.com/2010/11/qa-is-hard-lets-go-shopping/ " Thus, when it comes to shopping questions, don’t ask us what you should buy — ask us what you need to learn to tell what you should buy." — mfinni, Jun 22 '12 at 14:53

score 1 · Answer 1 · answered Jun 22 '12 at 15:43

1

I have been using logsurfer for pattern alerting with very good success.

It is written in C, and munches through logs very quickly. This is a small Introduction to logsurfer

answered Jun 22 '12 at 15:43

Michael Teeman

17
6

score 0 · Answer 2 · answered Jun 23 '12 at 02:11

0

You can also try LogZilla out, it scales to hundred of millions of events and will do email alerts and snmp trap forwarding based on regex pattern matches.

answered Jun 23 '12 at 02:11

Clayton Dukes

444
2
9

Alternative solution to replace aging swatch

2 Answers2