Open Source Security Tools for the Security Professional

Harvester FAQ

How many machines will I need to set up to get this going?

Just one! The Harvester processor, database and reporting/visualization tools will all fit on one box.

How big of a machine will I need?

This depends on the amount of activity on your network. The database tends to be the choke point, and more often than not, additional RAM will speed it along.

Can I have more than one syslog host point to a collector plug-in? I need to send my syslog messages to another host per corporate policy. How do I get things to work?

Syslog allows a many-to-many relationship between senders and receivers. Multiple loghosts may be configured for a sender; see your vendor's documentation. Conversely, a single loghost can handle multiple senders.

I've got a custom log format that I want to process. What do I do?

You will need to write a custom Receiver Plug-in and Parser Plug-in. You can base yours on the shipped code for these types of plug-ins.

I'm using a different database. What do I do?

You will need to write a custom Processor Plug-in. It will be similar to the Log Storage Plug-in, and will likely replace that one in your environment.

I'm not a programmer. Will you write it for me?

Sorry, time and resources are allocated to working on the most popular formats and features. Someone on the list might also have a similar interest and be willing to work on it. You might also consider commercial support.

Will you, or anyone else, offer commercial support?

Please contact, Inc. for commercial support.

Help! I'm getting overwhelmed with log messages!

You can adjust the scoring to help sort the load. Check the database rotation scripts to keep your database neat and trim.

Management doesn't want to pay for 24x7 staffing. What are my choices?

You can use the analysis scripts to set up a pager notification and have staff who aren't technically "working", but are merely on call. You could also go with a commercial contract to do the monitoring for you. (See commercial support above.)

How much disk space will I need for the database?

This depends on how many systems you are monitoring, how active your network is and how much history you want to keep online. The good news is that disk space is cheap; a few gigs for the database should be enough to get you started.

What else might consume disk space?

Your database might need temporary space to do its work. Your analysis scripts might want to use some as well. This really depends on your site's setup.

Copyright © 2005, Inc. - All Rights Reserved.