Linux - Server: This forum is for the discussion of Linux software used in a server-related context.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
for a real slick solution for a small / medium sized business, check out splunk. it's very clever and intuitive, and *very* web2.0 if you know what that means. you'd just tell it to listen on a tcp and udp port, 514 for default syslog and tell all devices to send syslog to it. to get windows to send syslog from event logs, check out a tool called snare. if you wish to read other log files, mount that file system on your linux server, using nfs, samba or whatever... and then tell splunk to read the files itself and watch for changes.
for a more traditional syslog, syslog-ng is also very very good, especially when coupled with php-syslog-ng. here, rather than feeding events into a database, you would be looking to store into flat files, potentially directory structured on date, hostname etc...
Last edited by acid_kewpie; 10-23-2007 at 04:14 AM.
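The syslog-ng setup the post above describes (listen on 514/tcp and 514/udp, keep Windows events sent via snare or evtsys apart, and write everything into flat files laid out by date and host) looks roughly like the configuration below. This is an added example, not configuration posted in the thread or shipped by the syslog-ng project; the `/var/log/remote` paths and the `192.0.2.0/24` network used to recognise the Windows hosts are assumptions to replace with your own.

```conf
# Added example syslog-ng configuration for a central log host.
# Assumptions: remote logs live under /var/log/remote, and the Windows
# machines running snare/evtsys sit in the documentation range 192.0.2.0/24.

options {
    use_dns(no);          # no reverse lookups on the collector: faster, no DNS dependency
    keep_hostname(no);    # $HOST becomes the sender's IP, not whatever the packet claims
    create_dirs(yes);     # let the file() destination create the date/host directories
    dir_perm(0750);
    perm(0640);
};

# Receive classic BSD syslog on both transports; 514/udp is what most
# devices default to, 514/tcp is for senders that can use TCP.
source s_remote {
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514) max-connections(100));
};

# Windows event logs relayed by snare/evtsys, picked out by sender address
# (assumed network) rather than by a hostname string inside the message.
filter f_windows { netmask("192.0.2.0/24"); };

destination d_windows {
    file("/var/log/remote/windows/$HOST/$YEAR$MONTH$DAY.log"
         template("$ISODATE $HOST $MSGHDR$MSG\n"));
};

# Everything else: one file per facility, under year/month/day/host.
destination d_by_host {
    file("/var/log/remote/$YEAR/$MONTH/$DAY/$HOST/$FACILITY.log"
         template("$ISODATE $HOST $MSGHDR$MSG\n"));
};

# Windows traffic stops at its own destination; the rest falls through.
log { source(s_remote); filter(f_windows); destination(d_windows); flags(final); };
log { source(s_remote); destination(d_by_host); };
```

Two design points worth noting. First, plain syslog over 514 carries no authentication, so `keep_hostname(no)` together with `use_dns(no)` makes the directory name depend on the sending address rather than on a hostname the sender writes into the message; anything could be put in that header field, and it should not get to pick where files land. Second, restrict who may reach port 514 at the host firewall, since any device that can reach it can fill the disk; the `create_dirs`/`dir_perm` settings keep the resulting tree readable only by the collector's log group.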
I have recently installed syslog-ng. It stores the event logs of my servers, routers, n/w printers and n/w switches.
I use phpsyslog-ng as the web frontend for viewing the logs through the web.
The system is working perfectly and meets all my reqs.
for a real professional solution (whilst remaining free on certain forms of implementation) i'd very very strongly urge you to look at splunk - splunk.com. if you do wish to stay within a genuine syslog solution all the way, then syslog-ng provides a good simple framework for receiving syslog and storing well. php-syslog-ng can also then serve as a good front end for it.
well if you want to analyse the users and things, splunk is a perfect tool for that too. you can use specific tools like sarg to analyse them, but if a generic tool can do the job with a touch more complexity, it should be hard to ignore.
exporting all the eventlogs from windows to a listening syslog daemon: use evtsys. easy to configure, easy to install, does that.
cisco ios and catos have a mechanism to specify a loghost, but I don't know what it is offhand.
squid proxy server logs ... dunno if that supports logging to syslog. If it does, then you can collect all your logs in one place and make sense of them fairly trivially with syslog-ng, evtsys, and the builtin features of your various things you want to log.