[unisog] reporting on a central syslog server

Russell Fulton r.fulton at auckland.ac.nz
Mon Apr 4 21:06:34 GMT 2005


On Mon, 2005-04-04 at 10:53 -0400, Harry Hoffman wrote:
> Hi Michael,
> 
> We are using SL3 to a great degree of success for the central logging 
> and use NTSyslog for the Windows to Unix logflow:
> 
> http://www.ip-solutions.net/syslog-ng/

I wrote this with Harry when he was with us.  It has some features that
are not (or weren't a couple of years ago) in other log watches.

From memory:
      * uses perl REs for matching (it sucks in all the patterns and
        then compiles them in a single matching routine so you get all
        the optimisation that perl can throw at it).
      * has thresholding (i.e. will report if more than x matches on a
        rule) -- useful for those things that normally produce a trickle
        of messages but which you want to know about if there are
        suddenly hundreds
      * count matches against a pattern
      * you can pass records matching a pattern to a user supplied
        subroutine.  I use this to do hourly reports on viruses from the
        sophie logs (the routine gets called after processing finishes
        with a special parameter so you can produce summaries etc).
      * assumes that there are lots of different admins for different
        machines -- you have a config file that specifies who gets
        notified about what.
      * the config file has named bunches of rules (these usually relate
        to applications or OS) and then for each machine you list the
        rulesets you need.

Main limitation is that it will currently only do email reports although
it should be easy to extend it to use pagers or whatever.  Hmmmm... you
could do this with a user supplied reporter routine.

Russell
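The design Russell sketches above (all patterns merged into one compiled matcher, per-rule thresholds and counts, a user-supplied subroutine that is called once more at the end with a special parameter, and named rulesets assigned per machine with per-admin notification) can be shown in a small working model. The following is an added example, not the log watcher from the thread and not Harry's or Russell's code; it uses Python's re module in place of Perl REs, and the log lines, host names, admin names and rule names are all constructed for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample syslog records (not from the original thread); hosts,
# addresses and virus names are made up.
SAMPLE_LOG = """\
Apr  4 21:01:02 mailhost sophie[1234]: Virus 'EXAMPLE-A' found in /var/spool/mail/user1
Apr  4 21:01:09 mailhost sophie[1234]: Virus 'EXAMPLE-B' found in /var/spool/mail/user2
Apr  4 21:01:15 mailhost sophie[1234]: Virus 'EXAMPLE-A' found in /var/spool/mail/user3
Apr  4 21:02:01 webhost sshd[222]: Failed password for root from 192.0.2.5 port 4022 ssh2
Apr  4 21:02:02 webhost sshd[222]: Failed password for root from 192.0.2.5 port 4023 ssh2
Apr  4 21:02:03 webhost sshd[222]: Failed password for root from 192.0.2.5 port 4024 ssh2
Apr  4 21:02:04 webhost sshd[222]: Failed password for root from 192.0.2.5 port 4025 ssh2
Apr  4 21:05:00 webhost sshd[230]: Accepted publickey for deploy from 192.0.2.9 port 5000 ssh2
Apr  4 21:06:00 mailhost sshd[300]: Failed password for admin from 192.0.2.7 port 6000 ssh2
Apr  4 21:07:00 dbhost kernel: Out of memory: Killed process 4321 (postgres)
"""

# Classic BSD syslog header: "Mon DD HH:MM:SS host message".
SYSLOG_LINE = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d (?P<host>\S+) (?P<msg>.*)$")

# Named bunches of rules, one bunch per application or OS component.
# "threshold": report only once a rule has matched at least this many times.
# "notify": the admins who receive the report for this rule.
# Inner group names (user, src, virus) must be unique across the rules a host
# uses, because all of that host's rules are merged into a single regex.
RULESETS = {
    "sshd": [
        {"name": "ssh_fail", "threshold": 3, "notify": ["secops"],
         "pattern": r"sshd\[\d+\]: Failed password for (?P<user>\S+) from (?P<src>\S+)"},
        {"name": "ssh_root_ok", "threshold": 1, "notify": ["secops"],
         "pattern": r"sshd\[\d+\]: Accepted \S+ for root\b"},
    ],
    "sophie": [
        {"name": "sophie_virus", "threshold": 1, "notify": ["postmaster"],
         "pattern": r"sophie\[\d+\]: Virus '(?P<virus>[^']+)' found"},
    ],
    "kernel": [
        {"name": "oom", "threshold": 1, "notify": ["sysadmin"],
         "pattern": r"kernel: Out of memory"},
    ],
}

# Per-machine list of the rulesets that apply to it (hypothetical hosts).
HOSTS = {"mailhost": ["sophie", "sshd"], "webhost": ["sshd"], "dbhost": ["kernel", "sshd"]}


def make_virus_hook():
    """User-supplied subroutine: called once per matching record, then once
    more with finished=True so it can return an end-of-run summary."""
    seen = defaultdict(int)

    def hook(line, match, finished):
        if finished:
            return "virus summary: " + ", ".join(f"{k}={v}" for k, v in sorted(seen.items()))
        seen[match.group("virus")] += 1
        return None
    return hook


class LogWatch:
    def __init__(self, rulesets, hosts, hooks):
        self.hooks = hooks                       # rule name -> callable
        self.rules = {}                          # (host, rule name) -> rule dict
        self.rule_names = defaultdict(list)      # host -> rule names in order
        self.matchers = {}                       # host -> ONE compiled alternation
        self.notify_for_rule = defaultdict(set)  # rule name -> admins
        self.counts = defaultdict(int)           # (host, rule name) -> hits
        for host, names in hosts.items():
            parts = []
            for rs in names:
                for rule in rulesets[rs]:
                    self.rules[(host, rule["name"])] = rule
                    self.rule_names[host].append(rule["name"])
                    self.notify_for_rule[rule["name"]].update(rule["notify"])
                    # Each rule becomes one named branch of a single alternation.
                    parts.append(f"(?P<{rule['name']}>{rule['pattern']})")
            self.matchers[host] = re.compile("|".join(parts))

    def process(self, line):
        """Match one record; returns the name of the rule that fired, or None."""
        m = SYSLOG_LINE.match(line)
        if not m or m.group("host") not in self.matchers:
            return None
        host = m.group("host")
        hit = self.matchers[host].search(m.group("msg"))  # one call tests every rule
        if not hit:
            return None
        name = next(n for n in self.rule_names[host] if hit.group(n) is not None)
        self.counts[(host, name)] += 1
        if name in self.hooks:
            self.hooks[name](line, hit, False)
        return name

    def finish(self):
        """After all records: apply thresholds, run hook summaries and build
        one report per admin (a mail or pager reporter would send these)."""
        reports = defaultdict(list)
        for (host, name), n in sorted(self.counts.items()):
            rule = self.rules[(host, name)]
            if n >= rule["threshold"]:
                for admin in rule["notify"]:
                    reports[admin].append(f"{host}: {name} matched {n} time(s)")
        for name, hook in self.hooks.items():
            summary = hook(None, None, True)
            if summary:
                for admin in sorted(self.notify_for_rule[name]):
                    reports[admin].append(summary)
        return dict(reports)


def run_watch(text):
    watch = LogWatch(RULESETS, HOSTS, {"sophie_virus": make_virus_hook()})
    for line in text.splitlines():
        watch.process(line)
    return watch, watch.finish()


if __name__ == "__main__":
    _, reports = run_watch(SAMPLE_LOG)
    for admin, lines in reports.items():
        print(f"--- report for {admin} ---")
        print("\n".join(lines))
```

In the sample run the single failed login on mailhost stays below the threshold of 3 and is not reported, while the four on webhost are, which is the "trickle versus hundreds" case the post describes; the sophie hook sees each virus record as it arrives and is then called once more with finished=True to produce the summary that goes to the postmaster.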