Just to throw in my two cents here, I can’t say enough good things about using Splunk to collect and report on logs. At my employer (a certain Fortune 50), I use Splunk in our group to collect the following:

  • All syslog entries
  • All network activity

The latter is done with standardized iptables rules I deployed which log every connection (successful or not) to any port on any of our machines. I can then go into Splunk and get an idea of what each machine is doing (helpful for non-security things) and see who is trying to connect to what services on each machine.

Just on this front, Splunk is absolutely *fantastic* for getting a deeper understanding of what your platform is doing. Their free version allows up to 500 Megabytes of logs per day, which is more than enough to get started. Splunk can be obtained from http://www.splunk.com/

Written by

Engineer. Staff at Anthrocon, Anthro New England, Midwest FurFest, Furry Migration, Eurofurence. AWS, Splunk, Docker, DMARC, White Mage, he/him

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store