I'm looking to have a centralized logging server for all of my web farms in house (Windows 2003 servers), and I'm particularly interested in capturing all IIS logs (syslog) from an application standpoint.
I'd like to start a central logging server on a Linux OS. I've looked around and saw a bunch of them running rsyslog or syslog-ng.
The requirements are as follows:
1. Have a central logging server that captures application logs (syslogs) in real time
2. Have a GUI, web-based logging interface where (non-technical) users can see/view logs themselves.
3. Alerts if there are critical errors (optional)
Personally I think Splunk is awesome; if you want something that looks professional and is stupidly powerful/clever, it's perfect. The basic free version can be used on the Windows boxes to send out the messages and as the central server with a sexy UI. The free version doesn't do alerting by default, but you'll probably have to spend some time thinking about what constitutes a critical alert for your systems. It's an easy requirement to write down, but not to define. You can easily periodically search Splunk with your own scripts and alert that way with a little work.
Last edited by acid_kewpie; 01-28-2011 at 01:30 PM.
Is it possible to configure Splunk to capture all Windows IIS syslog app logs?
Does Splunk have an agent that runs on a remote server and forwards logs to the Splunk server?
Splunk.com, read for yourself. But yes. Note that IIS and Windows in general don't do syslog; be careful about what you call syslog, as it can be very misleading. Splunk can be used to read Windows event sources, and Splunk can forward syslog to other syslog servers. Snare can also do this, amongst others.
How do you get Linux servers to report to Splunk? Have a server with just Splunk on it, and then have it listen for UDP data inputs from a Linux server with syslog set to log to the IP of the Splunk server?
You get data in in all sorts of ways: TCP, UDP, file upload, file tail, scheduled scripts, Splunk-to-Splunk data forwarding, all sorts. You can also not get data in centrally - it allows you to send a single search out to a hundred small remote Splunk servers and correlate the data in the results. The paid version is licensed on, AFAIK, a single cluster-wide data indexing capacity, so you can deploy it in whatever form you see fit, so it's paaaaaainfully flexible. As for how much, it's not trivial TBH, but generally worth it when you see what you can do with it. Recent additions like 'apps' mean you can use it not only as a log server but as your sole monitoring system, as long as you can get the data into it.
It's a strange product in the sense that you really need to undersell it to start with, i.e. 'a log server', as the reality of what it does can make it hard to see how you'd use it, as it's so versatile.
Last edited by acid_kewpie; 01-30-2011 at 02:58 AM.
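Since IIS writes W3C text files rather than syslog, something has to translate them before a syslog collector (rsyslog, syslog-ng or Splunk's syslog input) can ingest them. The following shipper is an added example written for this thread, not code from the thread or from Splunk: it parses an IIS W3C log, renders each record as an RFC 5424 message (5xx responses get ERROR severity so the collector can alert on them) and forwards it to the collector, preferring TCP over UDP so records are not silently dropped. The sample log, the host name web01 and the local0 facility are constructed assumptions.

```python
import socket

# Constructed sample of an IIS W3C extended log; the IP and paths are made up.
IIS_SAMPLE = """#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem sc-status
2011-01-28 13:30:01 10.0.0.5 GET /index.html 200
2011-01-28 13:30:02 10.0.0.5 POST /login.aspx 500
"""

LOCAL0 = 16                  # assumed syslog facility for application logs
SEV_ERROR, SEV_INFO = 3, 6   # RFC 5424 severity codes

def parse_iis(text):
    """Parse W3C extended log text into dicts keyed by the #Fields names."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # field names follow the directive
        elif line and not line.startswith("#"):
            records.append(dict(zip(fields, line.split())))
    return records

def sd_escape(value):
    """Escape the characters RFC 5424 forbids unescaped in SD-PARAM values."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")

def to_syslog(rec, host="web01"):
    """Render one record as an RFC 5424 line; 5xx responses become ERROR."""
    status = int(rec.get("sc-status", 0))
    sev = SEV_ERROR if status >= 500 else SEV_INFO
    pri = LOCAL0 * 8 + sev                   # PRI = facility * 8 + severity
    ts = rec["date"] + "T" + rec["time"] + "Z"   # IIS writes W3C logs in UTC
    # 32473 is the enterprise number reserved for documentation examples.
    sd = '[iis@32473 method="%s" uri="%s" status="%d"]' % (
        sd_escape(rec["cs-method"]), sd_escape(rec["cs-uri-stem"]), status)
    return "<%d>1 %s %s iis - - %s %s %s %d" % (
        pri, ts, host, sd, rec["cs-method"], rec["cs-uri-stem"], status)

def forward(text, server, port=514, tcp=True, host="web01"):
    """Ship every record to the collector; returns the messages that were sent."""
    msgs = [to_syslog(r, host) for r in parse_iis(text)]
    if tcp:  # newline-framed TCP: no silent loss the way UDP can suffer
        with socket.create_connection((server, port)) as s:
            s.sendall("".join(m + "\n" for m in msgs).encode())
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            for m in msgs:
                s.sendto(m.encode(), (server, port))
    return msgs
```

On the collector side, a rule matching severity ERROR on the local0 facility is enough to drive the optional alerting requirement.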