[unisog] reporting on a central syslog server

Joe Little jlittle at cs.stanford.edu
Wed Apr 6 16:33:14 GMT 2005


rsyslog is another syslog service that stores everything in a DB, and  
there is a search web front end for it.

http://www.monitorware.com/rsyslog/

On Apr 6, 2005, at 7:07 AM, Jack Burton wrote:

> you can also use a FIFO to send syslog to SQL ... then doing analysis
> is a frontend away ...
>
> there is a PHP/mySQL solution, php-syslog-ng, based around this ... I
> use it on my home network...
>
> On Apr 6, 2005 8:40 AM, Bill Martin <bmartin at luc.edu> wrote:
>> After spending a great deal of time working with syslog, or log  
>> analysis in general, what I can tell you from experience is that  
>> SWATCH is a nice tool for either parsing down the logs to retain  
>> only required information, and for monitoring the logs near real  
>> time (multiple consoles with separate filters); logwatch is not a  
>> bad deal for nightly report generation, but this is mostly  
>> post-activity.
>>
>> My personal preference is to use both of these in addition to a  
>> variety of home rolled scripts and Perl code.
>>
>> Your syslog needs are going to be as unique as your networks and  
>> hosts.  I personally prefer parsing out only what we know to be  
>> good and evaluating the rest.
>>
>> Good luck
>> -Bill Martin-
>> Sr. Systems Analyst
>> Loyola University Chicago
>>
>>>>> michael.holstein at csuohio.edu 04/04/05 8:08 AM >>>
>> Before I get out my O'Reilly books and re-invent the wheel, what are
>> folks out there using to report against a central syslog environment
>> with Syslog-NG doing the logging from multiple UNIX systems of  
>> various type (mostly Solaris, a few others) as well as Windows Server  
>> logs and PIX firewall info?
>>
>> We're talking 6-10 GB per 24 hours, uncompressed.
>>
>> If you wish, email off-list and I'll summarize in a few days.
>>
>> Cheers,
>>
>> Michael Holstein CISSP GCIA
>> Cleveland State University
>> _______________________________________________
>> unisog mailing list
>> unisog at lists.sans.org
>> http://www.dshield.org/mailman/listinfo/unisog
>>
>
>
> -- 
> "... yes sir, the check is in the mail!"
> --Jack Burton of the Pork Chop Express
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
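The two approaches the thread describes, feeding syslog through a pipe into SQL so reporting is "a frontend away", and parsing out only what is known to be good so the remainder can be evaluated, as one worked example. This is added illustration, not code from the thread, from php-syslog-ng or from rsyslog: it uses SQLite in place of MySQL so it runs stand-alone, the sample lines are constructed (hosts, users and addresses are made up), and the KNOWN_GOOD patterns are assumptions to be replaced with whatever a given site has confirmed as benign. Reading from a real syslog-ng pipe destination would replace SAMPLE_LINES with the lines of an opened FIFO; the rest of the pipeline is unchanged.

```python
import re
import sqlite3

# Classic BSD syslog as syslog-ng writes it to a pipe destination (assumed format).
SYSLOG_RE = re.compile(
    r'^(?:<(?P<pri>\d{1,3})>)?'                        # PRI, only if the relay kept it
    r'(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) '  # "Apr  6 16:33:14"
    r'(?P<host>\S+) '
    r'(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: '       # "sshd[1201]:" or "%PIX-6-302013:"
    r'(?P<msg>.*)$'
)

# Constructed sample input; in production this would be the lines read from the FIFO.
SAMPLE_LINES = """\
Apr  6 08:01:02 sol1 sshd[1201]: Accepted publickey for mholstein from 10.1.2.3 port 51234 ssh2
Apr  6 08:01:05 sol1 sshd[1205]: Failed password for root from 192.0.2.44 port 40111 ssh2
Apr  6 08:01:09 pix1 %PIX-6-302013: Built outbound TCP connection 88 for outside:192.0.2.9/80 (192.0.2.9/80) to inside:10.1.2.3/4321 (10.1.2.3/4321)
Apr  6 08:02:00 sol2 cron[2202]: (root) CMD (/usr/lib/newsyslog)
Apr  6 08:02:15 sol1 su: 'su root' failed for jdoe on /dev/pts/3
this line is not syslog at all
"""

# "What we know to be good" (assumed patterns, matched against "prog: msg").
# Anything these do not match is left for a human to evaluate.
KNOWN_GOOD = [re.compile(p) for p in (
    r'^sshd: Accepted (publickey|password) for \w+ from [\d.]+ port \d+ ssh2$',
    r'^cron: \(\w+\) CMD \(',
    r'^%PIX-6-302013: Built (inbound|outbound) TCP connection \d+ ',
)]


def parse_line(line):
    """Split one syslog line into fields; None if it is not syslog-shaped."""
    m = SYSLOG_RE.match(line.rstrip('\n'))
    if not m:
        return None
    rec = m.groupdict()
    rec['pid'] = int(rec['pid']) if rec['pid'] else None
    rec['pri'] = int(rec['pri']) if rec['pri'] else None
    return rec


def open_db():
    conn = sqlite3.connect(':memory:')  # MySQL in the thread; SQLite here so it runs offline
    conn.execute('CREATE TABLE events (ts TEXT, host TEXT, prog TEXT, pid INTEGER, msg TEXT)')
    return conn


def load_lines(conn, lines):
    """Insert every parseable line; return (inserted, rejected) counts."""
    inserted = rejected = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            rejected += 1  # keep a count: a flood of unparseable lines is itself a signal
            continue
        conn.execute('INSERT INTO events VALUES (?, ?, ?, ?, ?)',
                     (rec['ts'], rec['host'], rec['prog'], rec['pid'], rec['msg']))
        inserted += 1
    conn.commit()
    return inserted, rejected


def is_known_good(prog, msg):
    text = f'{prog}: {msg}'
    return any(p.search(text) for p in KNOWN_GOOD)


def unexplained(conn):
    """Events not covered by any KNOWN_GOOD pattern, oldest first."""
    rows = conn.execute('SELECT ts, host, prog, msg FROM events ORDER BY ts').fetchall()
    return [r for r in rows if not is_known_good(r[2], r[3])]


def volume_by_host_prog(conn):
    """The nightly-report style view: which host/program pairs produce the most lines."""
    return conn.execute(
        'SELECT host, prog, COUNT(*) FROM events GROUP BY host, prog ORDER BY 3 DESC, 1, 2'
    ).fetchall()


def run_demo(lines=None):
    conn = open_db()
    inserted, rejected = load_lines(conn, (lines or SAMPLE_LINES).splitlines())
    return {'inserted': inserted, 'rejected': rejected,
            'unexplained': unexplained(conn), 'volume': volume_by_host_prog(conn)}


if __name__ == '__main__':
    result = run_demo()
    print(f"inserted={result['inserted']} rejected={result['rejected']}")
    for row in result['volume']:
        print('volume', row)
    for row in result['unexplained']:
        print('LOOK AT THIS', row)
```

On the sample input the two lines left for evaluation are the failed root password and the failed su; the accepted login, the cron job and the PIX connection build are absorbed by the known-good list. At the volumes mentioned in the thread the filtering should run as lines arrive rather than on a full-table scan, and the regexes should be anchored as these are so a cheap prefix check rejects most lines early.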


