LinuxQuestions.org
Old 10-20-2014, 06:04 PM   #1
mzenzer
LQ Newbie
 
Registered: Aug 2014
Posts: 4

Linux log server/distro?


I'd like to use a Linux box to catch all my logs from my firewalls and the event logs of my Windows servers. Is there a specific distro that is built for that? If not, what would be a good open-source app that will allow me to do that, and hopefully also have great sorting and alerting features for specific events? I looked through the site and didn't really see anything except regarding logs on the Linux box you were on. Thanks for your help.

Michael
 
Old 10-20-2014, 07:17 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,332
Blog Entries: 55

Quote:
Originally Posted by mzenzer View Post
I'd like to use a Linux box to catch all my logs from my firewalls and the event logs of my Windows servers. Is there a specific distro that is built for that?
Welcome to LQ, hope you like it here. None I know of BTW.


Quote:
Originally Posted by mzenzer View Post
If not, what would be a good open-source app that will allow me to do that, and hopefully also have great sorting and alerting features for specific events? I looked through the site and didn't really see anything except regarding logs on the Linux box you were on.
If you want a suite, you could search for acronyms like (SIM / SEM /) SIEM and see what that unearths (OSSIM and OpenSIM are two of the few Open Source examples); elif you like to tinker and reinvent the wheel, you probably want to forward logs to a central syslog server for storage and processing, meaning Logstash (does have transport encryption and a Windows agent), ElasticSearch for storage and GrayLog or Kibana for visualizing. If you want to read about (what not to look for in a) SIEM, I recommend the old web logs by Anton Chuvakin.
 
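The pipeline unSpawn sketches (central syslog receiver, storage, sorting and alerting) in its smallest runnable form, as an added example that is not part of this thread and is not Logstash, ElasticSearch or GrayLog code: a Python script that parses RFC 3164 syslog lines as a firewall (iptables LOG target), an SSH host and a Windows box behind a syslog forwarding agent would send them, sorts them per host, and fires threshold alerts on repeated failed logons and firewall drops. The sample lines are constructed, the rule names and thresholds are arbitrary, and the Windows message format (EventID=.../IpAddress=...) is an assumption about what a forwarding agent emits, since every agent has its own format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# RFC 3164 frame: <PRI>Mmm dd HH:MM:SS HOST TAG[PID]: MSG, where PRI = facility*8 + severity.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog", 9: "cron",
              10: "authpriv", **{16 + i: "local%d" % i for i in range(8)}}


def parse_syslog(line):
    """Return a dict for one RFC 3164 line, or None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                          # 23*8 + 7 is the largest legal PRI
        return None
    ev = m.groupdict()
    ev["facility"] = FACILITIES.get(pri >> 3, "facility%d" % (pri >> 3))
    ev["severity"] = SEVERITIES[pri & 7]
    ev["severity_num"] = pri & 7
    # RFC 3164 timestamps carry no year; strptime fills in 1900, which is fine
    # for windowing as long as one batch does not straddle New Year.
    ev["time"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")
    return ev


# Threshold rules: match TAG plus a regex over MSG, count hits per KEY (a named group
# of the regex) and fire once when THRESHOLD hits fall inside WINDOW seconds.
# The message formats are assumptions about what each source emits, not a standard.
RULES = [
    {"name": "ssh-password-bruteforce", "tag": "sshd", "key": "src", "threshold": 3, "window": 60,
     "pattern": re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<src>\S+)")},
    {"name": "firewall-deny-burst", "tag": "kernel", "key": "src", "threshold": 4, "window": 60,
     "pattern": re.compile(r"^DROP .*SRC=(?P<src>\S+) .*DPT=\d+")},
    {"name": "windows-failed-logon", "tag": "MSWinEventLog", "key": "src", "threshold": 3,
     "window": 300, "pattern": re.compile(r"EventID=4625 .*IpAddress=(?P<src>\S+)")},
]


def detect(lines, rules=RULES, crit_level=2):
    """Parse LINES; return (events, alerts, rejected).

    An alert fires for any single message at severity <= CRIT_LEVEL (emerg/alert/crit)
    and whenever a rule's threshold is reached inside its window.
    """
    events, alerts, rejected = [], [], []
    hits = defaultdict(list)               # (rule name, key) -> times of recent hits
    for line in lines:
        ev = parse_syslog(line)
        if ev is None:
            rejected.append(line)          # surface unparsable input, never drop it silently
            continue
        events.append(ev)
        if ev["severity_num"] <= crit_level:
            alerts.append({"rule": "severity-" + ev["severity"], "key": ev["host"],
                           "count": 1, "at": ev["ts"]})
        for rule in rules:
            m = rule["pattern"].search(ev["msg"]) if ev["tag"] == rule["tag"] else None
            if not m:
                continue
            key = m.group(rule["key"])
            bucket = hits[(rule["name"], key)]
            bucket.append(ev["time"])
            cutoff = ev["time"] - timedelta(seconds=rule["window"])
            bucket[:] = [t for t in bucket if t >= cutoff]
            if len(bucket) == rule["threshold"]:   # fire once, not on every later hit
                alerts.append({"rule": rule["name"], "key": key,
                               "count": len(bucket), "at": ev["ts"]})
    return events, alerts, rejected


def summarize(events):
    """Per-host, per-severity counts: the sorting half of the request."""
    table = defaultdict(lambda: defaultdict(int))
    for ev in events:
        table[ev["host"]][ev["severity"]] += 1
    return {host: dict(counts) for host, counts in table.items()}


# Constructed sample input: an SSH bastion (auth.info), an iptables LOG target on a
# firewall (kern.warning) and a Windows DC behind a syslog forwarding agent (local0.*).
SAMPLE_LINES = [
    "<38>Oct 20 18:04:01 bastion sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2",
    "<38>Oct 20 18:04:03 bastion sshd[2214]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2",
    "<38>Oct 20 18:04:05 bastion sshd[2217]: Failed password for root from 203.0.113.7 port 40141 ssh2",
    "<38>Oct 20 18:06:00 bastion sshd[2230]: Accepted publickey for ops from 192.0.2.20 port 51000 ssh2",
    "<4>Oct 20 18:05:10 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44321 DPT=22",
    "<4>Oct 20 18:05:11 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44322 DPT=23",
    "<4>Oct 20 18:05:12 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44323 DPT=80",
    "<4>Oct 20 18:05:13 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44324 DPT=443",
    "<134>Oct 20 18:07:00 dc01 MSWinEventLog: EventID=4625 Channel=Security TargetUserName=administrator IpAddress=203.0.113.7",
    "<134>Oct 20 18:07:20 dc01 MSWinEventLog: EventID=4625 Channel=Security TargetUserName=administrator IpAddress=203.0.113.7",
    "<130>Oct 20 18:08:00 dc01 MSWinEventLog: EventID=1100 Channel=Security Message=The event logging service has shut down",
    "garbage that is not syslog at all",
]

if __name__ == "__main__":
    evs, found, bad = detect(SAMPLE_LINES)
    for a in found:
        print("ALERT %(rule)s key=%(key)s count=%(count)d at %(at)s" % a)
    print("rejected:", bad)
    print("per host:", summarize(evs))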
Old 10-21-2014, 07:41 AM   #3
mzenzer
LQ Newbie
 
Registered: Aug 2014
Posts: 4

Original Poster
Quote:
Originally Posted by unSpawn View Post
Welcome to LQ, hope you like it here. None I know of BTW.
[...]
Awesome thank you, great suggestions to get me going.
 
All times are GMT -5.