LinuxQuestions.org
Old 01-28-2011, 11:07 AM   #1
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Rep: Reputation: 30
Logging Server


Hi there-

I'm looking to have a centralized logging server for all of my web farms in house (Windows 2003 servers), particularly interested in capturing all IIS logs (syslog) from an application standpoint.

I'd like to start a central logging server on a Linux OS; I've looked around and saw a bunch of them running rsyslog or syslog-ng.

The requirements are as follows:
1. Have a central logging server that captures application logs in real time syslogs
2. Have a GUI web-based logging interface that users (non-technical) can see/view logs themselves.
3. Alerts if there are critical errors (optional)

Please kindly advise mates.
Cheers!
DB
 
Old 01-28-2011, 01:29 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1963
Personally I think Splunk is awesome; if you want something looking professional and stupidly powerful / clever it's perfect. The basic free version can be used on the Windows boxes to send out the messages and as the central server with a sexy UI. The free version doesn't do alerting by default, but you'll probably have to spend some time thinking about what constitutes a critical alert for your systems. It's an easy requirement to write down, but not to define. You can easily periodically search Splunk with your own scripts and alert that way with a little work.

Last edited by acid_kewpie; 01-28-2011 at 01:30 PM.
 
Old 01-28-2011, 03:46 PM   #3
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
Is it possible to configure Splunk to capture all Windows IIS syslog app logs?
Does Splunk have an agent that runs on a remote server that forwards logs to the Splunk server?

Cheers.
 
Old 01-28-2011, 04:55 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1963
Splunk.com, read for yourself. But yes. Note that IIS and Windows in general don't do syslog; be careful about what you call syslog, as it can be very misleading. Splunk can be used to read Windows event sources splunk forward a syslog to other syslog servers. Snare can also do this, amongst others.
 
Old 01-29-2011, 06:59 PM   #5
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,257

Rep: Reputation: 53
Quote:
Originally Posted by acid_kewpie
Splunk.com, read for yourself. But yes. Note that IIS and Windows in general don't do syslog; be careful about what you call syslog, as it can be very misleading. Splunk can be used to read Windows event sources splunk forward a syslog to other syslog servers. Snare can also do this, amongst others.
How do you get Linux servers to report to Splunk? Have a server just with Splunk on it, and then have it listen for UDP data inputs from a Linux server with syslog set to log to the IP of the Splunk server?

How much is the paid version?

TIA
 
Old 01-30-2011, 02:56 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1963
You get data in in all sorts of ways: TCP, UDP, file upload, file tail, scheduled scripts, Splunk to Splunk data forwarding, all sorts. You can also not get data in centrally - it allows you to send a single search out to a hundred remote small Splunk servers and correlate the data in the results. Paid version it's licensed on, afaik, a single cluster wide data indexing capacity, so you can deploy it in whatever form you see fit, so it's paaaaaainfully flexible. As for how much, it's not trivial tbh, but generally worth it when you see what you can do with it. Recent additions like 'apps' mean you can use it not only as a log server but your sole monitoring system as long as you can get the data in to it.

It's a strange product from the point that you really need to undersell it to start with, i.e. 'a log server', as the reality of what it does can leave it hard to see how you'd use it, as it's so versatile.

Last edited by acid_kewpie; 01-30-2011 at 02:58 AM.
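
Added example, not part of any post in this thread and not Splunk or rsyslog code: a small Python sketch of what a central receiver sees when Linux hosts forward syslog over UDP, and of turning "critical" into an explicit severity threshold as discussed in posts #2 and #5. The port, the threshold default, the function names and the sample datagrams are all assumptions made for illustration.

```python
import re
import socket

# Severity names from RFC 5424; a lower number is more severe.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

def parse_pri(datagram):
    """Return (facility, severity, rest) for one syslog datagram, or None if malformed."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the highest valid PRI
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7, m.group(2)

def triage(sender, datagram, threshold=2):
    """Return (sender, label, message) if the event needs attention, else None.
    threshold=2 means crit, alert and emerg; choosing it is a site policy decision."""
    parsed = parse_pri(datagram)
    if parsed is None:
        # UDP syslog is unauthenticated, so junk from any source is worth surfacing.
        return (sender, "malformed", datagram[:80].decode("utf-8", "replace"))
    _, severity, rest = parsed
    if severity <= threshold:
        return (sender, SEVERITIES[severity], rest)
    return None

def listen(host="0.0.0.0", port=5514):
    """Receive datagrams forever and print the ones triage() flags (port is an assumption)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, (addr, _) = sock.recvfrom(8192)
            hit = triage(addr, data)
            if hit:
                print(*hit, sep=" | ")

# Constructed sample datagrams (documentation addresses, made-up hosts and messages).
SAMPLE = [
    ("192.0.2.10", b"<134>Jan 28 11:07:01 web01 httpd: GET /index.html 200"),  # local0.info
    ("192.0.2.11", b"<130>Jan 28 11:07:05 web02 app: connection pool exhausted"),  # local0.crit
    ("192.0.2.12", b"<11>Jan 28 11:07:09 web03 app: upstream timeout"),  # user.err
    ("192.0.2.99", b"no priority header here"),
    ("192.0.2.99", b"<999>bogus"),
]

def flagged(samples=SAMPLE):
    """Run triage over (sender, datagram) pairs and keep only the flagged events."""
    return [hit for s, d in samples if (hit := triage(s, d))]
```

Because the sender address on a UDP datagram is trivially spoofed, alerts built this way should restrict accepted sources at the firewall or move to TCP with TLS before they are trusted.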
 
Tags
apache, iis, logs, php, syslog-ng
