Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Splunk alternatives

Posted: Wed Feb 13, 2013 11:46 am

Hey guys,

I'm looking for a good, freeware alternative for Splunk. I'm more than OK with an open source solution.
In my search, I stumbled upon the ManageEngine EventLog Analyzer, which is quite good, but not exactly what I'm looking for.

I would love to hear which tools you are working with for log analysis and aggregation.

Thanks

WarlocK88
Member
Re: Splunk alternatives

Posted: Thu Feb 28, 2013 2:01 pm

Try Kiwi Syslog Server. The free version is good, but doesn't come with the agent software. You can get round this by setting up SNMP trapping. Which leads to the question as to what it is you're monitoring: servers, network devices, both?

SNMP works well for network devices, not so great in my opinion on Windows machines. Agent software like Snare (free) is pretty good and, combined with Kiwi Syslog, offers a pretty decent syslog system in all.

In terms of log analysis, I'm not familiar with any decent freeware tools besides Splunk. You could always learn a scripting language like Perl, which isn't too hard, has tons of free tutorials out there, and is great for log analysis.

Migs
Newbie
Re: Splunk alternatives

Posted: Fri May 10, 2013 2:55 pm

Post is old, but for reference, ELSA (dev now supported by Mandiant) might also be of interest.

ELSA: code.google.com/p/ente...d-archive/

wexxlar
Newbie
Re: Splunk alternatives

Posted: Wed Mar 07, 2018 6:50 am

Here's SpectX. You can install it on your desktop and run queries directly on remote log files (on-prem, cloud, web). The data stays in its original location and original form, no price tag on the amount of data processed.

liisatal
Newbie
Re: Splunk alternatives

Posted: Wed Mar 07, 2018 7:58 am

liisatal wrote:
> Here's SpectX. You can install it on your desktop and run queries directly on remote log files (on-prem, cloud, web). The data stays in its original location and original form, no price tag on the amount of data processed.


Is it Freeware? [1]
Or Open Source? [2]
Or both? [3]

Most probably the third best thing in life after sliced bread and ice cream :) , but it seems a lot like a commercial program for which only a 30 day limited trial/demo is provided (subject to registration).


jaclaz


[1][2][3]As asked by the OP.
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
Re: Splunk alternatives

Posted: Wed Mar 07, 2018 9:26 am

Really sorry, I should've read the question twice before posting. We've just released the product and, considering the initial feedback, it looks like a free version is something to seriously think about.

liisatal
Newbie
Re: Splunk alternatives

Posted: Wed Mar 07, 2018 1:48 pm

Migs wrote:
> Try Kiwi Syslog Server.


Kiwi is more infrastructure, it does not enable even basic analytics.

A couple of organisations I've heard of go with Kibana/Logstash. It's free and scalable and is based upon Elasticsearch, a modern and fast DB backend. Splunk is an overpriced piece of garbage that scales very badly with any wallet. I threw it out of the window, along with ArcSight, LogRhythm, AlienVault and RSA Security Analytics. Don't forget that NetFlow and PCAPs are also needed for visibility.

You're better off throwing logs into any (free) modern database and asking questions of it; SQL and Cypher can ask WAY more complex questions than the 1990s pie chart GUI that SIEM systems come with. The only new commercial tool that shows promise was PacketSled with NLP and datavis stuff, but their CEO had an... umm.. let's say "counter-productive marketing strategy".

MDCR
Senior Member
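One concrete version of the "throw logs into a free database and ask it questions" approach from the post above, added here as an example and not code from the thread or from any tool named in it: it parses BSD-syslog lines of the kind a collector such as Kiwi Syslog would forward into an in-memory SQLite table, then uses a SQL query to surface source addresses with repeated failed SSH logins. The sample lines, the 2018 year assumption and the threshold of three are constructed.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample: BSD-syslog lines (RFC 3164 style, no year in the timestamp).
SAMPLE_LOGS = """\
Mar  7 09:00:01 web01 sshd[2201]: Failed password for root from 198.51.100.7 port 51122 ssh2
Mar  7 09:00:03 web01 sshd[2201]: Failed password for root from 198.51.100.7 port 51130 ssh2
Mar  7 09:00:05 web01 sshd[2201]: Failed password for admin from 198.51.100.7 port 51140 ssh2
Mar  7 09:00:09 web01 sshd[2201]: Accepted password for deploy from 203.0.113.5 port 40011 ssh2
Mar  7 09:01:00 db01 sshd[1188]: Failed password for postgres from 203.0.113.9 port 33001 ssh2
Mar  7 09:02:00 db01 cron[400]: (root) CMD (run-parts /etc/cron.hourly)
"""

# "Mon DD HH:MM:SS host program[pid]: message" (pid is optional).
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")

def load_logs(text, year=2018):
    """Parse syslog lines into an in-memory SQLite table and return the connection."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (ts TEXT, host TEXT, prog TEXT, pid INTEGER, "
               "msg TEXT, user TEXT, src TEXT)")
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than aborting the whole load
        # Syslog omits the year, so it is supplied by the caller (assumed 2018 here).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").isoformat()
        f = FAILED_RE.search(m["msg"])  # enrich with user/source for failed logins
        db.execute("INSERT INTO events VALUES (?,?,?,?,?,?,?)",
                   (ts, m["host"], m["prog"].strip(), int(m["pid"]) if m["pid"] else None,
                    m["msg"], f["user"] if f else None, f["src"] if f else None))
    db.commit()
    return db

def failed_logins_by_source(db, threshold=3):
    """Sources with at least `threshold` failed SSH logins: (src, count, distinct users, first, last)."""
    return db.execute(
        """SELECT src, COUNT(*) AS n, COUNT(DISTINCT user) AS users,
                  MIN(ts) AS first_seen, MAX(ts) AS last_seen
           FROM events WHERE src IS NOT NULL
           GROUP BY src HAVING n >= ? ORDER BY n DESC""", (threshold,)).fetchall()

if __name__ == "__main__":
    for row in failed_logins_by_source(load_logs(SAMPLE_LOGS)):
        print(row)
```

The same table takes any further question as another SELECT (per-host counts, time windows, joins against an asset list), which is the point of the post: the query language, not the dashboard, is what gives the analytics.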