Recommended software for a Centralized logging server? [closed]

Solution 1:

I use rsyslog and loganalyzer for my setup.

All logs go to a central logging file which I can view via web browser using loganalyzer.

I dug up a decent howto. I can not find the one I used when I set this up, but this should do nicely.

http://aaronwalrath.wordpress.com/2010/09/02/set-up-rsyslog-and-loganalyzer-on-centos-linux-5-5-for-centralized-logging/

Solution 2:

I use syslog-ng (mostly because I found it and figured it out before rsyslog became big) as my central logging server. I like it because you can easily set up per-host targets. This makes it much easier to sort through dense logs if you only have to do it one host at a time.

You might be interested in my example syslog-ng configuration for Linux. I set up the classic "messages" and "maillog" destinations that get everything from all sources, and then each individual source gets its own collection of dated files.

For Windows sources, I use a package called NTsyslog2, which I believe came from Google Code.

To parse it all, I have a shell script which I got from somewhere and then horribly mangled to fit my own specific requirements. It reads the single logfile which has everything in it and emails me things that I've told it to look for.

One thing I will warn you about: make sure you keep tabs on your disk space, especially if you are sending lots of Windows servers' event logs to your syslog server.
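A minimal syslog-ng server configuration in the shape Solution 2 describes (catch-all "messages" and "maillog" files plus per-host dated files). This is an added example, not the answerer's own configuration; the paths under /var/log and the port are assumptions.

```conf
@version: 3.8

options {
    # Do not trust the hostname field inside the message: a sender can
    # put anything there. Take the name from the sending address instead
    # (with use_dns(no) that is the peer IP), so each host's directory
    # really belongs to that host.
    keep_hostname(no);
    use_dns(no);
    create_dirs(yes);
};

# Network input for Linux hosts and Windows agents (NTsyslog-style
# forwarders speak plain UDP syslog; TCP is offered for hosts that
# support it so bursts are not silently dropped).
source s_net {
    udp(ip("0.0.0.0") port(514));
    tcp(ip("0.0.0.0") port(514) max-connections(100));
};

# Classic everything-from-everyone files.
destination d_messages { file("/var/log/central/messages" perm(0640)); };
destination d_maillog  { file("/var/log/central/maillog"  perm(0640)); };

# One directory per host, one sub-directory per day, one file per
# facility. Restrictive permissions so only the admin group can read.
destination d_perhost {
    file("/var/log/hosts/$HOST/$YEAR-$MONTH-$DAY/$FACILITY.log"
         dir_perm(0750) perm(0640) owner("root") group("adm"));
};

filter f_mail { facility(mail); };

log { source(s_net); destination(d_messages); };
log { source(s_net); filter(f_mail); destination(d_maillog); };
log { source(s_net); destination(d_perhost); };
```

Because dated directories are never rotated by syslog-ng itself, pair this with a cron job or logrotate policy that prunes old days, which also addresses the disk-space warning above.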

Solution 3:

Take a look at the open source nxlog tool which runs on various platforms (including Windows and Linux). It can collect from EventLog, files, syslog, database etc and has a wealth of other features.