LinuxQuestions.org
#1, 02-02-2011, 03:12 PM
drsketch1 (Member; registered Apr 2006; distribution: CentOS 6.X, pclinuxos; posts: 50)
Windows event logs > syslog(*nix) > mysql > php apache


What do you use to view all of your server event logs in one place? Is it clean?

I currently set up the following:

Windows server running snare

centos55 running rsyslog + mysql + loganalyzer

It's not really as clean as I desire, and I am finding information events from Windows being wrongly marked by snare as warning/critical.

I would like something extremely clean, where you can delete events from the web front end.
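One way to catch and correct the mis-marked severities described above at the collector, as an added example that is not part of this thread: re-derive the severity from the Windows event-type field carried in the Snare message body instead of trusting the syslog PRI that Snare put on the wire. The tab-delimited field order, the severity mapping and the sample line are assumptions made for this example, not taken from the thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed field order of the tab-delimited Snare-for-Windows body; the body
# begins with the literal tag "MSWinEventLog" (layout is an assumption).
SNARE_FIELDS = [
    "tag", "criticality", "event_log", "counter", "timestamp", "event_id",
    "source", "user", "sid_type", "event_log_type", "computer", "category",
    "message",
]

# Severity each Windows event type should carry, as syslog numbers (0..7).
WIN_TYPE_TO_SEVERITY = {
    "Information": 6, "Success Audit": 5, "Failure Audit": 4,
    "Warning": 4, "Error": 3,
}

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

@dataclass
class Event:
    facility: int       # from the syslog PRI on the wire
    pri_severity: int   # severity Snare put on the wire
    severity: int       # severity derived from the Windows event type
    fields: dict

def parse_snare_line(line: str) -> Optional[Event]:
    """Parse one RFC 3164-style syslog line carrying a Snare event body."""
    m = PRI_RE.match(line)
    if not m:
        return None                  # no PRI: not a syslog line
    pri, rest = int(m.group(1)), m.group(2)
    start = rest.find("MSWinEventLog")
    if start < 0:
        return None                  # ordinary syslog, not a Snare event
    parts = rest[start:].split("\t")
    if len(parts) < len(SNARE_FIELDS):
        return None                  # truncated body: do not guess fields
    fields = dict(zip(SNARE_FIELDS, parts))
    severity = WIN_TYPE_TO_SEVERITY.get(fields["event_log_type"], pri & 7)
    return Event(pri >> 3, pri & 7, severity, fields)

def is_mismarked(ev: Event) -> bool:
    """True when the wire severity disagrees with the Windows event type."""
    return ev.pri_severity != ev.severity

# Constructed sample: PRI 11 = facility 1, severity 3 (error), yet Windows
# says the event is "Information".
SAMPLE = ("<11>Feb  2 15:12:01 WINSRV01 MSWinEventLog\t1\tSystem\t42\tWed Feb 02 "
          "15:12:00 2011\t7036\tService Control Manager\tN/A\tN/A\tInformation\t"
          "WINSRV01\tNone\tThe Print Spooler service entered the running state.")
```

Running `parse_snare_line(SAMPLE)` yields an event with wire severity 3 and derived severity 6, which `is_mismarked` flags; feeding the derived value into the database column instead of the PRI keeps LogAnalyzer from showing informational events as errors.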
 
#2, 02-02-2011, 03:20 PM
acid_kewpie (Moderator; registered Jun 2001; location: UK; distribution: Gentoo, RHEL, Fedora, Centos; posts: 43,379)
I really should try and get paid by these guys... http://www.linuxquestions.org/questi...server-859256/
 
#3, 02-03-2011, 09:21 AM
drsketch1 (Member, Original Poster; registered Apr 2006; distribution: CentOS 6.X, pclinuxos; posts: 50)
Quote (originally posted by acid_kewpie):
I really should try and get paid by these guys... http://www.linuxquestions.org/questi...server-859256/
I saw that post and set it up for testing... Have yet to figure out how it collects data from the win servers, should get that figured out today! Thanks!

What NMS do you use?

-----
EDIT:

Okay, do you or anyone else have any well-written howto on how to set this up? I am finding documents like this one - http://www.splunk.com/base/Documenta...MonitorWMIdata
However, the steps they walk you through are missing pieces.

1. Click Manager in the upper right-hand corner of Splunk Web.

2. Under System configurations, click Data Inputs.

3. Click WMI collections.

I do not have "WMI collections".


Edit #2:

Just put splunk on a win virtual machine and voilà, looks like monitoring win events is best done from a win splunk instance?

Last edited by drsketch1; 02-03-2011 at 12:00 PM.
 
#4, 02-03-2011, 12:51 PM
acid_kewpie (Moderator; registered Jun 2001; location: UK; distribution: Gentoo, RHEL, Fedora, Centos; posts: 43,379)
Yes, absolutely. It's your collection agent, your forwarder and your central server, depending on how you plumb it in. You might want to look at the 'lightweight forwarder' mode, which turns an installation into a low-footprint service, not unlike snare, which only collects and forwards data, no during, web UI, searching etc. Alternatively, distributed search on the paid version is also ace.
 
#5, 02-03-2011, 12:53 PM
acid_kewpie (Moderator; registered Jun 2001; location: UK; distribution: Gentoo, RHEL, Fedora, Centos; posts: 43,379)
As for my nms, I'm a contractor so not specifically using anything. I'm very interested in seeing how feasible it is to actually use splunk as the nms itself. If you look at, for example, the unix app on it, there's your nms for nix boxes... cpu loads etc.
 
  


Tags: centos55, events, syslog

