Re: [PLUG] Syslog?

JP Vossen on 17 Mar 2014 10:51:10 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Syslog?

From: JP Vossen <jp@jpsdomain.org>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Syslog?
Date: Mon, 17 Mar 2014 13:51:04 -0400
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0

On 03/17/2014 11:18 AM, jeff wrote:

I had asked a while back about a decent syslog system.  Was wondering if
anything had changed.

My main focus is correlation.  Syslog outputs to that lovely advancing
wall of text.  What alternative is there to grep(ing) and regex(ing),
possibly with a GUI?  I'm looking to log-monitor a load of servers that
run The Other OS.  Would prefer to stay linux-based.


So what I'm hearing is that you want Splunk?

First of all, try...Splunk. The product is really great in lots ofways, including the fact that they "get" IT and the CLI but also have areally nice (Python-based) web GUI. They are usually very expensive,but there is a free license for low volume and they may have deals fornon-profits. http://splunk.com/ andhttp://www.splunk.com/view/free-vs-enterprise/SP-CAAAE8W.

Second, there is LogStash, and you just HAVE to love the name and logo!http://logstash.net/ It's Java, which annoys me, and I've had it runwild and consume all my resources, but that was at least 1.5-2 yearsago, so...

You can roll your own with http://www.elasticsearch.org/, but it's a loteasier to just use LogStash. Seehttp://www.elasticsearch.org/blog/apt-and-yum-repositories/. AlsoApache Lucene or lots of similar tools, but now we're getting too low level.


2011 reviews of Syslog-ng GUIs, may be something useful:
https://czanik.blogs.balabit.com/2011/12/graphical-user-interfaces-for-use-with-syslog-ng/

Another list of options, also circa 2011, more in-line with this question:
http://serverfault.com/questions/239401/splunk-is-fantastically-expensive-what-are-the-alternatives

There are more primitive tools like LogCheck that basically automate the'grep & report' thing. That's what I personally use, but it's not foreveryone.

Assuming Splunk is a no-go, my knee-jerk, for you, is a "loghost" VMwith LogStash, and Snare (http://sourceforge.net/projects/snare/,http://www.intersectalliance.com/projects/SnareWindows/) to forwardEventLogs. You can get that going in less than 1 day, for free, and gofrom there.


Start here:
http://logstash.net/
http://www.elasticsearch.org/blog/apt-and-yum-repositories/
http://slashroot.in/logstash-tutorial-linux-central-logging-server


Good luck,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Syslog?
  - From: jeff <jeffv@op.net>
- Re: [PLUG] Syslog?
  - From: Douglas Muth <doug.muth@gmail.com>

References:
- [PLUG] Syslog?
  - From: jeff <jeffv@op.net>

Prev by Date: Re: [PLUG] Syslog?
Next by Date: Re: [PLUG] Slightly OT: Active user groups for M$ developers in the area?
Previous by thread: Re: [PLUG] Syslog?
Next by thread: Re: [PLUG] Syslog?
Index(es):
- Date
- Thread