Session recording
Kenny Lussier
klussier at gmail.com
Mon Mar 31 15:27:11 EDT 2008
On Mon, Mar 31, 2008 at 12:52 PM, Paul Lussier <p.lussier at comcast.net> wrote:
> Bill McGonigle <bill at bfccomputing.com> writes:
>
> > I see you've already found lastcomm and friends, but it would be great
> > to know what you come up with for a correlation mechanism.
>
> Can't you log everything possible via syslog, then write wrappers
> around lastcomm, sa, sar, et al to dump that data to file, and point
> splunk at the whole mess and let it do the time-event correlation for
> you?
That is a really good question.... I don't know. I'm not sure if I can
just point splunk at the output of script and have it correlate it to
syslog events. I suppose that it's worth a try.
C-Ya,
Kenny
More information about the gnhlug-discuss
mailing list