I'm looking for some good analyzer. I've found a few in the web but I couln't find any feedback, so I'd appreciate if you guys can give me feedback about syslog analyzers that you have previously used. TIA.

This would be typically one of those threads for the Linux Security forum... Anyway. If you're talking generic reporting I favour Logwatch. It's FOSS, it's being developed and maintained, doesn't hog resources, only needs Perl, is easily configurable, can be run at any given time with any given set of logs and is easily extendible like shown here, here and here.

Doesn't mean Logwatch is good for everything. For Iptables you might want something else as goes for your MTA and other daemons. The only source on the 'net dedicated to log analysis is www.loganalysis.org, next to that Freshmeat and Sourceforge will show a lot of reporting tools for specific needs.

Thanks a lot!

How about Splunk. Its free if you index less than 500 mb per day. I use it for long term storage of events. Just type in what your looking for and it'll show up along with nice timeline. I've just topped over 106 million events in Splunk today and going strong.

I use logcheck after hesitating between logcheck and logwatch.

A link with a comparison of all would be interesting.

You know.. I download splunk after visiting the link from this web but I never installed it, I usually like some feedback before installing soft. I've just changed my syslog to syslog-ng and I'm saving events in a mysql database, I wonder if splunk would read the logs ok from mysql. Do you read your logs from syslog files or is splunk a syslog? how does that work? thanks.