[unisog] reporting on a central syslog server

Jack Burton dreawn at gmail.com
Wed Apr 6 14:07:29 GMT 2005


you can also use a FIFO to send syslog to SQL ... then doing analysis
is a frontend away ...

there is a PHP/mySQL solution, php-syslog-ng, based around this ... I
use it on my home network...

On Apr 6, 2005 8:40 AM, Bill Martin <bmartin at luc.edu> wrote:
> After spending a great deal of time working with syslog, or log analysis in general, what I can tell you from experience is that SWATCH is a nice tool for either parsing down the logs to retain only required information, and for monitoring the logs near real time (multiple consoles with separate filters), logwatch is not a bad deal if nightly reports and generation, but this is mostly post activity.
> 
> My personal preference is to use both of these in addition to a variety of home rolled scripts and Perl code.
> 
> Your syslog needs are going to be as unique as your networks and hosts.  I personally prefer parsing out only what we know to be good and evaluating the rest.
> 
> Good luck
> -Bill Martin-
> Sr. Systems Analyst
> Loyola University Chicago
> bmartin at luc.edu
> >>> michael.holstein at csuohio.edu 04/04/05 8:08 AM >>>
> Before I get out my O'Reilly books and re-invent the wheel, what are
> folks out there using to report against a central syslog environment
> with Syslog-NG doing the logging from multiple UNIX systems of various
> type (mostly Solaris, a few others) as well as Windows Server logs and
> PIX firewall info.
> 
> We're talking 6-10gb per 24 hours, uncompressed.
> 
> If you wish, email off-list and I'll summarize in a few days.
> 
> Cheers,
> 
> Michael Holstein CISSP GCIA
> Cleveland State University
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
> 


-- 
"... yes sir, the check is in the mail!"
--Jack Burton of the Pork Chop Express
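The FIFO-to-SQL approach mentioned above, as an added example that is not code from the thread or from php-syslog-ng: a Python loader that parses BSD-style syslog lines (as syslog-ng's pipe() destination would write them to a named pipe) into SQLite with parameterised inserts, plus the kind of query a frontend would run. The hostnames, addresses and log lines are constructed for the example.

```python
import re
import sqlite3

# syslog-ng's pipe() destination writes BSD-style lines into the FIFO:
#   "<PRI>Mon DD HH:MM:SS host program[pid]: message"   (PRI = facility*8 + severity)
LINE_RE = re.compile(r"^(?:<(?P<pri>\d{1,3})>)?(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
                     r"(?P<host>\S+) (?P<prog>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
SCHEMA = ("CREATE TABLE IF NOT EXISTS logs (id INTEGER PRIMARY KEY, facility INTEGER, "
          "severity INTEGER, ts TEXT, host TEXT, program TEXT, pid INTEGER, msg TEXT)")
INSERT = ("INSERT INTO logs (facility, severity, ts, host, program, pid, msg) "
          "VALUES (:facility, :severity, :ts, :host, :program, :pid, :msg)")

def parse_line(line):
    """Split one syslog line into columns; returns None for a line that does not parse."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None  # keep malformed input out of the table rather than guessing at it
    pri = int(m.group("pri")) if m.group("pri") is not None else 13  # no PRI: user.notice
    return {"facility": pri >> 3, "severity": pri & 7, "ts": m.group("ts"),
            "host": m.group("host"), "program": m.group("prog"), "msg": m.group("msg"),
            "pid": int(m.group("pid")) if m.group("pid") else None}

def load(lines, db):
    """Parameterised bulk insert (never build SQL from log text); returns rows stored."""
    db.execute(SCHEMA)
    rows = [r for r in map(parse_line, lines) if r is not None]
    db.executemany(INSERT, rows)
    db.commit()
    return len(rows)

def severe_by_host(db, max_severity=3):
    """The 'frontend' query: hosts ranked by events of severity err (3) or worse."""
    return db.execute("SELECT host, COUNT(*) FROM logs WHERE severity <= ? "
                      "GROUP BY host ORDER BY 2 DESC, host", (max_severity,)).fetchall()

def consume_fifo(path, db):
    while True:  # reopen after EOF so a syslog-ng restart does not stop the loader
        with open(path) as fifo:  # open() blocks until syslog-ng opens the write end
            for line in fifo:
                load([line], db)

SAMPLE = [  # constructed sample lines with hypothetical hosts and addresses, not real logs
    "<38>Apr  6 14:07:29 solaris1 sshd[2211]: Failed password for root from 10.0.0.5 port 4422 ssh2",
    "<131>Apr  6 14:08:01 pix1 %PIX-3-106010: Deny inbound tcp src outside:10.0.0.9/1234 dst inside:10.1.1.2/25",
    "<130>Apr  6 14:08:40 pix1 %PIX-2-106001: Inbound TCP connection denied from 10.0.0.9/1235 to 10.1.1.2/25",
    "Apr  6 14:09:10 winsrv1 EvntSLog: [INF] The Print Spooler service entered the running state",
]

def demo():  # run the loader over the constructed sample in an in-memory database
    db = sqlite3.connect(":memory:")
    return load(SAMPLE, db), severe_by_host(db)
```

In production, point consume_fifo() at the pipe syslog-ng writes to and at a file-backed database; the parsing and query functions are unchanged.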