brent timothy saner on 17 Mar 2014 08:40:45 -0700



Re: [PLUG] Syslog?



On 03/17/2014 11:18 AM, jeff wrote:
> I had asked a while back about a decent syslog system.  Was
> wondering if anything had changed.
> 
> My main focus is correlation.  Syslog outputs to that lovely
> advancing wall of text.  What alternative is there to grep(ing) and
> regex(ing), possibly with a GUI?  I'm looking to log-monitor a load
> of servers that run The Other OS.  Would prefer to stay
> linux-based.
> 
> We're non-profit and can't afford what we'd like soon. We tried 
> Alienvault but that was an unqualified mess.
> 
> 
> Yours in GUI....
> 
> -jeff
> 

a bit of clarification might be necessary here;

1.) *what* logs are you concerned with? web traffic, system events
(e.g. dmesg), security escalations, firewalls, etc.? once you know
that, it'll be easier to recommend a parser.
2.) where exactly are you logging from; what source? i can't quite
tell as it's a bit ambiguous. what do you mean by "The Other OS"- do
you mean you're trying to send logs FROM windows TO a linux machine
for parsing/processing? nxlog[0] might be your best bet, but you'll
need something for actually parsing out those logs- i think
GrayLog2[1] works quite nicely for that, it seems.

[0] http://nxlog.org/
[1] http://www.graylog2.org/#home
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug