Hi all,

I'm wandering if someone could recommend some software that I can use to monitor a syslog-ng server for specific incoming faciility/priority events or even keywords and then display the output graphically in a network monitoring style.

I have seen that Hobbit can do something like this with client logs but I was hoping do do this directly on the syslog server as you cannot run hobbit client on routers etc.

I suppose I could use a hobbit client config on the server but Im not sure it has enough configuration to do what I need.

Well what does a graphical output look like to you? you can configure syslog-ng itself to pick out what is deemed interesting using filters, so i'd suggest that's half of your battle. after that what do you want to achieve? if you want something *very* sexy, have a look at splunk.com which could totally replace syslog-ng too.

try eventloganalyzer dot com its got the reports your are seeking for.

john

try using logwatch, it e-mails the output from your log files.

i use it for quite a while now and it works just perfect. i check my mail in the morning to see whats going on in the logs.

many solutions work best at an optimum scale, and i can't think of much worse than being emailed logwatch output from 100 servers on a daily basis...

there wasnt any saying about 100 servers so thats why i sugested logwatch.


if there are 100 servers try BigBrother

oh no, i just tend to think from a larger scale. never impressed with what i've seen in bigbrother for syslog, splunk looks much more intelligent.

We have around 150 servers to monitor, 80 *nix based. Thanks for the comments guys, we have been using Hobbit but have an increased need to monitor syslog from servers and hundreds of network devices.

It looks like Splunk will be the way to go but will probably have to find some way of getting exceptions to appear in Hobbit until I can find something better as the management need to see one easy to understand screen!