LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Syslog Monitoring (http://www.linuxquestions.org/questions/linux-server-73/syslog-monitoring-542981/)

adymcc 04-03-2007 10:43 AM

Syslog Monitoring
 
Hi all,

I'm wandering if someone could recommend some software that I can use to monitor a syslog-ng server for specific incoming faciility/priority events or even keywords and then display the output graphically in a network monitoring style.

I have seen that Hobbit can do something like this with client logs but I was hoping do do this directly on the syslog server as you cannot run hobbit client on routers etc.

I suppose I could use a hobbit client config on the server but Im not sure it has enough configuration to do what I need.

acid_kewpie 04-03-2007 11:25 AM

Well what does a graphical output look like to you? you can configure syslog-ng itself to pick out what is deemed interesting using filters, so i'd suggest that's half of your battle. after that what do you want to achieve? if you want something *very* sexy, have a look at splunk.com which could totally replace syslog-ng too.

*aj* 04-04-2007 06:33 AM

try eventloganalyzer dot com its got the reports your are seeking for.

john

sickdude 04-04-2007 07:10 PM

try using logwatch, it e-mails the output from your log files.

i use it for quite a while now and it works just perfect. i check my mail in the morning to see whats going on in the logs.

acid_kewpie 04-05-2007 03:07 AM

many solutions work best at an optimum scale, and i can't think of much worse than being emailed logwatch output from 100 servers on a daily basis...

sickdude 04-05-2007 04:23 AM

there wasnt any saying about 100 servers so thats why i sugested logwatch.


if there are 100 servers try BigBrother

acid_kewpie 04-05-2007 04:35 AM

oh no, i just tend to think from a larger scale. never impressed with what i've seen in bigbrother for syslog, splunk looks much more intelligent.

adymcc 04-11-2007 05:02 AM

We have around 150 servers to monitor, 80 *nix based. Thanks for the comments guys, we have been using Hobbit but have an increased need to monitor syslog from servers and hundreds of network devices.

It looks like Splunk will be the way to go but will probably have to find some way of getting exceptions to appear in Hobbit until I can find something better as the management need to see one easy to understand screen!


All times are GMT -5. The time now is 04:35 PM.