LinuxQuestions.org
Old 02-05-2007, 11:23 AM   #1
isuck@linux
Member
 
Registered: Jun 2006
Distribution: messed up debian
Posts: 250

Rep: Reputation: 30
Does anyone know any good syslog analyzer?


I'm looking for a good analyzer. I've found a few on the web but I couldn't find any feedback, so I'd appreciate it if you guys can give me feedback about syslog analyzers that you have previously used. TIA.
 
Old 02-05-2007, 12:28 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594
This would be typically one of those threads for the Linux Security forum... Anyway. If you're talking generic reporting I favour Logwatch. It's FOSS, it's being developed and maintained, doesn't hog resources, only needs Perl, is easily configurable, can be run at any given time with any given set of logs and is easily extendible like shown here, here and here.

Doesn't mean Logwatch is good for everything. For Iptables you might want something else as goes for your MTA and other daemons. The only source on the 'net dedicated to log analysis is www.loganalysis.org, next to that Freshmeat and Sourceforge will show a lot of reporting tools for specific needs.

Last edited by unSpawn; 02-05-2007 at 12:30 PM. Reason: Just cuz I can.
 
Old 02-05-2007, 12:56 PM   #3
isuck@linux
Member
 
Registered: Jun 2006
Distribution: messed up debian
Posts: 250

Original Poster
Rep: Reputation: 30
Thanks a lot!
 
Old 02-13-2007, 10:32 AM   #4
jackpal
Member
 
Registered: Oct 2003
Location: Florida USA
Distribution: Fedora, RHEL
Posts: 57

Rep: Reputation: 15
How about Splunk? It's free if you index less than 500 MB per day. I use it for long term storage of events. Just type in what you're looking for and it'll show up along with a nice timeline. I've just topped over 106 million events in Splunk today and going strong.
 
Old 02-13-2007, 10:49 AM   #5
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
I use logcheck after hesitating between logcheck and logwatch.

A link with a comparison of all would be interesting.
 
Old 02-14-2007, 12:17 PM   #6
isuck@linux
Member
 
Registered: Jun 2006
Distribution: messed up debian
Posts: 250

Original Poster
Rep: Reputation: 30
You know... I downloaded Splunk after visiting the link from this site but I never installed it; I usually like some feedback before installing software. I've just changed my syslog to syslog-ng and I'm saving events in a MySQL database. I wonder if Splunk would read the logs OK from MySQL. Do you read your logs from syslog files or is Splunk a syslog? How does that work? Thanks.
 
  

