As a Basement PC Technician (BPCT) there a good chance that you have an assortment of system and devices that produce a rather large amount of logs. As any good BPCT knows you must routinely review your logs for errors and potential security events. Depending on the number of devices you may have and the amount of data produced by each device this can seem to be a taunting task. This is were centralize logging can make your life easier and SPLUNK is the application that can help you do it. SPLUNK is like a combination of a syslog server and database. It can collect logs from any source and then index it in such a way to make it search-able by you.
Pictures acquired from SPLUNK website – Why recreate the wheel when SPLUNK has provide a wheel for me to use. Part of being a successful BPCT is know how to work smart hence copy SPLUNK diagrams while giving them credit for their work =)
An effort to find a security related incident or root cause to an error involving multiple system that may have taken hours or days can now be reduce to a manner of minutes. Don't be surprise if you actually find stuff that you didn't really realize was happen on your network. The best part about SPLUNK is that is fits a BPCT's budget – It's FREE!!! SPLUNK does offer an Enterprise License if needed that provides additional capabilities such as role-based security, single sign-on and schedule PDF delivery. See the below link for a comparison of the Free License VS Enterprise License.
SPLUNK can be installed on a Windows or Unix/Linux system in a matter of minutes and offer a well documented and helpful support site to assist you if you encounter any issues during your installation or operation of the SPLUNK application.
One must have tool in your Basement PC Technician arsenal: