Log Logic Archives

Home » Log Logic

Splunk vs Loglogic: Battle of the logs

Dave Farquhar security September 6, 2016October 11, 2019excel, Log Logic, splunk

If you need a centralized logging solution for your business, you’ll need to consider Splunk vs Loglogic. I have experience with both in corporate environments.

I guess you can say I spent a lot of time configuring and waiting on Loglogic. I spent a little time configuring Splunk and a lot of time turning the data inside it into knowledge.

Dave Farquhar

David Farquhar is a computer security professional, entrepreneur, and author. He has written professionally about computers since 1991, so he was writing about retro computers when they were still new. He has been working in IT professionally since 1994 and has specialized in vulnerability management since 2013. He holds Security+ and CISSP certifications. Today he blogs five times a week, mostly about retro computers and retro gaming covering the time period from 1975 to 2000.

dfarq.homeip.net

Using Splunk to find bad guys in your network

Dave Farquhar security November 16, 2015April 23, 2017computer security, Log Logic, malware, splunk

I’ve covered event logging before, but the excellent site Malware Archaelogy has some cheat sheets that include Splunk queries you can use to find incidents or malware operating in your network, or even use to create dashboards so you can keep an eye on things. Malware Archaelogy’s list of events to log is a bit different from what I covered before, but there’s a considerable amount of overlap. You probably want what they recommend and what anyone else is recommending.

The key to corporate computer security is situational awareness, and I don’t think anyone sells a blinky box that provides enough of that. But you can build it with Splunk.

And, for what it’s worth, I do recommend Splunk. I’ve used Log Logic in the past, and its searches often take days to finish, which means Log Logic is so slow that by the time you find anything in it, it’s likely to be too late. Splunk isn’t quite real-time, but you can find stuff in a few minutes.

Dave Farquhar

dfarq.homeip.net

Security flaws in security tools are all too common

Dave Farquhar security September 14, 2015November 3, 20251990s, dell, Log Logic, mysql, passwords, splunk

Fireeye runs a bunch of its processes as root, a practice that’s been a no-no since the late 1990s, and they’re more interested in litigation than they are in working with the guy who discovered it.

The attitude is all too common.

Dave Farquhar

dfarq.homeip.net

How to downgrade a Log Logic universal collector

Dave Farquhar security, Servers and Networking February 20, 2014October 11, 2019Log Logic, Windows Control Panel

If you’ve ever upgraded a LogLogic universal collector and had it fail to work, it’s very disconcerting to see the error message when you try to reinstall the previous version: Downgrades aren’t supported. But there is a solution if you need to downgrade a Log Logic universal collector. Read more

Dave Farquhar

dfarq.homeip.net

How to increase the capacity of a Log Logic appliance by 45%

Dave Farquhar security, Software January 15, 2014December 6, 2015Log Logic, unix, usable space

My 9-5 gig revolves primarily around Tibco LogLogic (I’ll write it as Log Logic going forward, as I write in English, not C++), which is a centralized logging product. The appliances collect logs from a variety of dissimilar systems and present you with a unified, web-based interface to search them. When something goes wrong, having all of the logs in one place is invaluable for figuring it out.

That value comes at a price. I don’t know exactly what these appliances cost, but generally speaking, $100,000 is a good starting point for an estimate. So what if I told you that you could store 45% more data on these expensive appliances, and increase their performance very modestly (2-5 percent) in the process? Read on.

Dave Farquhar

dfarq.homeip.net