LinuxQuestions.org

Linux - Newbie: Linux log server/distro? (https://www.linuxquestions.org/questions/linux-newbie-8/linux-log-server-distro-4175522805/)

mzenzer 10-20-2014 05:04 PM

Linux log server/distro?
 
I'd like to use a Linux box to catch all my logs from my firewalls and the event logs of my Windows servers, is there a specific distro that is built for that? If not, what would be a good open-source app that will allow me to do that, and hopefully also have great sorting and alerting features for specific events? I looked through the site and didn't really see anything except regarding logs on the Linux box you were on. Thanks for your help.

Michael

unSpawn 10-20-2014 06:17 PM

Quote:

Originally Posted by mzenzer (Post 5256775)
I'd like to use a Linux box to catch all my logs from my firewalls and the event logs of my Windows servers, is there a specific distro that is built for that?

Welcome to LQ, hope you like it here. None I know of BTW.


Quote:

Originally Posted by mzenzer (Post 5256775)
If not, what would be a good open-source app that will allow me to do that, and hopefully also have great sorting and alerting features for specific events? I looked through the site and didn't really see anything except regarding logs on the Linux box you were on.

If you want a suite you could search for acronyms like (SIM / SEM /) SIEM and see what that unearths (OSSIM and OpenSIM are among the few open-source examples), elif you like to tinker and reinvent the wheel you probably want to forward logs to a central syslog server for storage and processing, meaning Logstash (does have transport encryption and a Windows agent), Elasticsearch for storage and Graylog or Kibana for visualizing. If you want to read about (what not to look for in a) SIEM I recommend the old web logs by Anton Chuvakin.
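The "sorting and alerting features for specific events" the original poster asked about come down to parsing each forwarded line into fields and running rules over them. The following is an added example, not code from this thread or from Logstash/Graylog: a small Python alerting pass over RFC 3164-style syslog lines such as a central syslog server would receive from a firewall and from a Windows event-log forwarder. The sample lines, the `MSWinEventLog` tag, the `EventID=...` key=value layout of the Windows messages and the thresholds are all constructed for illustration; a real forwarder's format will differ and the regex must be adjusted to match it.

```python
"""Central-log alerting over syslog lines (constructed example, not from the thread)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# RFC 3164-style line as a syslog relay typically writes it:
#   <PRI>Mon DD HH:MM:SS host tag: message
# PRI = facility*8 + severity; it is optional so lines without it still parse.
SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\s]+):\s*"
    r"(?P<msg>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")  # key=value pairs inside the message body


@dataclass
class Event:
    host: str
    tag: str
    msg: str
    fields: Dict[str, str]
    severity: Optional[int]  # 0 emerg .. 7 debug; None when the line had no PRI


def parse_syslog(line: str) -> Optional[Event]:
    """Parse one syslog line; return None for anything that does not match."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = m.group("pri")
    if pri is not None and int(pri) > 191:  # highest valid PRI is 23*8+7
        return None
    severity = int(pri) & 7 if pri is not None else None
    msg = m.group("msg")
    return Event(m.group("host"), m.group("tag"), msg, dict(KV_RE.findall(msg)), severity)


def evaluate(lines: List[str], threshold: int = 5) -> Tuple[List[str], int]:
    """Run three alert rules over a batch of lines.

    Returns (alerts, number_of_unparsed_lines). Counters are keyed per source
    address so one noisy host is not averaged away among quiet ones, and each
    threshold alert fires exactly once (when the count reaches the threshold)
    rather than on every further line, to avoid alert storms.
    """
    alerts: List[str] = []
    unparsed = 0
    failed_logons: Dict[Tuple[str, str], int] = defaultdict(int)  # (windows host, source ip)
    ssh_denies: Dict[str, int] = defaultdict(int)                 # firewall SRC

    for line in lines:
        ev = parse_syslog(line)
        if ev is None:
            unparsed += 1  # count, never silently drop: a parse gap is a blind spot
            continue
        # Rule 1: anything logged at crit/alert/emerg alerts on its own.
        if ev.severity is not None and ev.severity <= 2:
            alerts.append(f"CRITICAL {ev.host} {ev.tag}: {ev.msg}")
        # Rule 2: Windows Security EventID 4625 (failed logon), counted per source.
        if ev.tag == "MSWinEventLog" and ev.fields.get("EventID") == "4625":
            key = (ev.host, ev.fields.get("Source", "?"))
            failed_logons[key] += 1
            if failed_logons[key] == threshold:
                alerts.append(f"BRUTEFORCE {key[1]} -> {key[0]}: {threshold} failed logons")
        # Rule 3: firewall DENY to tcp/22, counted per source address.
        if ev.tag == "kernel" and ev.msg.startswith("DENY") and ev.fields.get("DPT") == "22":
            src = ev.fields.get("SRC", "?")
            ssh_denies[src] += 1
            if ssh_denies[src] == threshold:
                alerts.append(f"SSH-SCAN {src}: {threshold} denied connections to tcp/22")
    return alerts, unparsed


# Constructed sample input (documentation addresses, invented hostnames).
SAMPLE_LINES = [
    # firewall: five denied SSH attempts from one source, one from another
    *[f"<134>Oct 20 17:04:0{i} fw1 kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22"
      for i in range(5)],
    "<134>Oct 20 17:04:09 fw1 kernel: DENY IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=22",
    # Windows forwarder (hypothetical format): five failed logons, then a success
    *[f"<14>Oct 20 17:05:1{i} winsrv1 MSWinEventLog: Security EventID=4625 Account=admin Source=203.0.113.7 LogonType=3"
      for i in range(5)],
    "<14>Oct 20 17:05:20 winsrv1 MSWinEventLog: Security EventID=4624 Account=admin Source=203.0.113.7 LogonType=3",
    # firewall interface down at severity crit (PRI 130 = local0.crit)
    "<130>Oct 20 17:06:00 fw1 kernel: link down on eth1",
    # junk that must be counted as unparsed, not crash the pipeline
    "this is not syslog",
]

if __name__ == "__main__":
    found, skipped = evaluate(SAMPLE_LINES)
    for a in found:
        print(a)
    print(f"{skipped} line(s) could not be parsed")
```

The same structure scales to a real deployment: the parser is swapped for the forwarder's actual format, the counters get a time window instead of a batch boundary, and the alert list becomes whatever notifies you. The unparsed counter matters as much as the rules; a forwarder that changes its format will otherwise go quiet without anyone noticing.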

mzenzer 10-21-2014 06:41 AM

Quote:

Originally Posted by unSpawn (Post 5256807)
Welcome to LQ, hope you like it here. None I know of BTW.

If you want a suite you could search for acronyms like (SIM / SEM /) SIEM and see what that unearths (OSSIM and OpenSIM are among the few open-source examples), elif you like to tinker and reinvent the wheel you probably want to forward logs to a central syslog server for storage and processing, meaning Logstash (does have transport encryption and a Windows agent), Elasticsearch for storage and Graylog or Kibana for visualizing. If you want to read about (what not to look for in a) SIEM I recommend the old web logs by Anton Chuvakin.

Awesome thank you, great suggestions to get me going.
