LinuxQuestions.org


JonChristmas 08-17-2004 08:10 AM

Corporate Logging and such...
 
My company is planning on setting up a new mass logging server. We run a Novell environment using most of the Novell tools as well as many Cisco products for our network. Currently we are planning to bring in a SuSE server to log all of our Windows servers. We are thinking we are going to be using syslog-NG for logging, but here is where the dilemma comes in.
Since we all use Windows on our computers and no one will be directly patched into the box, how can we check the logs on a regular basis?
Also, it would appear that syslog-NG is possibly more of a GNU tool, so that means I have to install Gnome or KDE, right, if I want to be able to configure it without a lot of trouble?
Another problem is: will syslog-NG filter what we want to record and keep in the log file, or do we have to set what is important enough to log on the servers with the auditing feature of Windows?
The final question is: does anyone know of anything else we might want to or need to install on this box to make it run a lot more smoothly?


My goal is to get our systems a little more UNIX based so we can drop more of these Windows-based machines and use some stable machines. So far we are like most of the corporations out there and we've been hit by many of the Microsoft viruses. So if anyone can help me make this box look high and mightier with features and security it would be very helpful.

In case anyone is curious what the specs of the logging server are. This is major overkill for this box, I know, but I guess they really want a good logging server.
<---- logging server ---->
Xeon 2.8Ghz Processor (single)
1GB of RAM
a 64MB graphic card of some sort
36GB SCSI RAID 5 (3 drives)

hob 08-17-2004 03:34 PM

This kind of setup is way beyond the regular fare on this forum, so I'd recommend reposting this to the Enterprise forum to find somebody who can talk about Syslog-NG. Ars Technica's Linux forum also has people with the experience to tackle this properly.

Having said that, some general points:

- It depends on how many hosts you're talking about, but that spec. is very high for something that is basically handling large chunks of text and maybe some databases. You can do a lot with a box like that, OSS and some patience (network monitoring? departmental wiki and trouble ticketing? departmental file store with WebDAV and Samba?)

- Don't think in terms of somebody having to actually look at the screen on the box once it's been set up. Tools for network management have Web frontends available, although the frontends are often produced by a separate project to the people making the backend itself. Actually, everything Linux has Web frontends available.

- For administering the system itself, Webmin gives you a Web frontend that is absolutely superb. It's easy to set up, but buy "Managing Linux Systems with Webmin" to get access to the full power, like the facility to manage multiple systems as a group. Every time I set up Webmin I'm amazed that it's Free...

- If you do want to see the display remotely, VNC will enable you to do this from a Windows machine. Use VNC 4, as older versions were much slower.

- Nagios is a popular system for monitoring routers, servers etc. with a Web frontend (of course). Requires a bit of time to set up, though, apparently.

- IMHO three things that separate enjoying administering Linux and hating it are a) being prepared to read manuals; b) being prepared to use the command-line and write scripts to automate away jobs, rather than being too stuck on point-and-click; and c) knowing how to use the SSH suite.

For example, your syslogs will probably be plain text files so you can do anything you want, even if they get very, very large. With scripts you can easily search them and e-mail the highlights, archive them, compress them into .zip files, write them to tape or CD, or ship them to another server with SSH.

Sounds like a great project. Good luck!
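
A sketch of the kind of script the reply above describes for searching plain-text syslogs and mailing the highlights, added here as an example and not written by either poster. The keyword list, the sample log lines, the log path and the mail address are all assumptions; the host is taken from the fourth field of the traditional syslog line layout.

```shell
#!/bin/sh
# Added example: daily "highlights" report from a central plain-text syslog file.
# Assumes the traditional line layout: "Mon DD HH:MM:SS host tag: message".

# Keywords that make a line worth a human look (assumption; tune per site).
PATTERN='fail|denied|error|refused'

# matching_lines FILE -> the lines that match PATTERN, case-insensitively.
matching_lines() {
    grep -Ei "$PATTERN" "$1"
}

# host_counts FILE -> "count host" per sending host, noisiest host first.
host_counts() {
    matching_lines "$1" |
        awk '{ c[$4]++ } END { for (h in c) print c[h], h }' |
        sort -k1,1nr -k2,2
}

# report FILE -> summary followed by the raw lines, ready to pipe to a mailer.
report() {
    echo "Hosts with flagged messages:"
    host_counts "$1"
    echo
    echo "Flagged lines:"
    matching_lines "$1"
}

# Constructed sample input (not real log data).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
Aug 17 08:10:01 fs01 sshd[412]: Failed password for root from 10.0.0.5
Aug 17 08:10:04 fs01 sshd[412]: Failed password for root from 10.0.0.5
Aug 17 08:11:30 web02 httpd[88]: client denied by server configuration
Aug 17 08:12:00 web02 cron[90]: (root) CMD (run-parts /etc/cron.hourly)
Aug 17 08:13:15 fs01 kernel: eth0: link up
EOF

report "$SAMPLE"
# On the log server this would be e.g. (path and address are placeholders):
#   report /var/log/messages | mail -s "syslog highlights" admin@example.com
```

Run from cron, the same report can be sent once a day so nobody has to log in to the box to read the files.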

