I'm looking for a solution that would allow me to take syslog output from all of my controllers to an external system. I think I understand what my syslog.conf file needs to look like. Where I'm stumped is picking add-ons or a replacement syslogd that would help with this. In the end I'd like all messages to be logged to /etc/messages, also to the remote system, and then be searchable. Any advice or nudges in the right direction would be greatly appreciated. Thanks!
8 REPLIES
LogLogic will do this out of the box. Very simple. We are evaluating a LogLogic appliance now. But, we are trying to set up CIFS auditing...not so easy! If anyone can help, or know of a better solution, please, please advise.
Thanks!
Can you set syslog.conf to log locally and remotely?
*.info /dev/console
*.info /etc/messages
*.info @hostname
We looked at LogLogic and Splunk (as well as several others) but ended up going with LogZilla, which was easily 1/10 of the cost of Splunk and *way* less than LogLogic. In the end, we really like the very easy to use interface that LogZilla offered versus the other vendors - heck, even my manager uses it. lol.
There's a really good guide on Cisco's website that talks about syslog management techniques as well as some of the various tools. We found this link a while back and it has really helped us.
Building Scalable Syslog Management Solutions
http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html#wp9000410
HTH!
Something I ended up finding out that may be useful to the community in the future. As it turns out, Splunk is free if you log less than 500MB of data per day. In this particular environment that's the case. You do lose multiple logins in the free version, but again that's okay in this particular environment. I'll definitely keep LogZilla in mind though.
yes...
*.* @ipaddress of our syslog appliance
I took a look at Splunk yesterday and pointed all of my controllers at it... it was very easy to set up and appears to do exactly what I'm after.
I'll check out LogLogic as well after I've played with Splunk for a few days. Thanks for the recommendation txskibum2000.
rsyslog (default in Ubuntu) will accept syslog messages and has an add-on package that will let you dump the logs to a database for easier searching.
Also, depending on the size of your infrastructure you may want log servers per location, and then have them forward to a central box only if the criticality warrants it.
Finally, be aware that most of the time this stuff is over UDP, so you can't rely on the messages making it off the filer, and the data is unencrypted, so be aware others can read your logging messages.
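The syslog.conf lines earlier in the thread (`*.info @hostname`, `*.* @ipaddress`) forward over plain UDP, which is exactly the lossy, cleartext path this reply warns about. Below is an added rsyslog configuration for the central Linux receiver, not from the thread or from any vendor: it keeps the full local copy, shows the weak UDP forward next to a TCP/TLS forward with a disk-assisted queue, and adds the database output the reply mentions. The file path, collector hostname, CA path and database credentials are placeholders.

```conf
# /etc/rsyslog.d/50-controllers.conf (assumed path; not from the thread)
# Receive classic syslog from the controllers. Many filers can only send
# UDP, so accept it, but also listen on TCP for senders that support it.
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# 1. Keep the full local copy the original poster asked for
#    (/var/log/messages on the rsyslog host, /etc/messages on the filer).
*.* /var/log/messages

# 2. The weak setting from the thread: "*.* @collector" forwards over UDP,
#    unacknowledged and in the clear ("*.* @@collector" would be plain TCP,
#    reliable but still unencrypted). Shown commented out for comparison.
# *.* @collector.example.com

# 3. Corrected: forward over TCP with TLS (gtls driver) so messages are
#    encrypted in transit and the collector is verified by certificate name.
#    The disk-assisted queue buffers messages while the collector is down
#    instead of dropping them, and retries forever rather than giving up.
global(DefaultNetstreamDriver="gtls"
       DefaultNetstreamDriverCAFile="/etc/rsyslog.d/ca.pem")
action(type="omfwd" target="collector.example.com" port="6514" protocol="tcp"
       StreamDriver="gtls" StreamDriverMode="1"
       StreamDriverAuthMode="x509/name"
       StreamDriverPermittedPeers="collector.example.com"
       queue.type="LinkedList" queue.filename="fwd_collector"
       queue.saveOnShutdown="on" action.resumeRetryCount="-1")

# 4. Optional: the database add-on the reply mentions (package rsyslog-mysql
#    on Ubuntu) writes into the stock "Syslog" schema so events are searchable.
module(load="ommysql")
action(type="ommysql" server="127.0.0.1" db="Syslog" uid="rsyslog"
       pwd="CHANGEME")
```

The same per-location pattern the reply describes is just this file on each site's log server, with the TLS `omfwd` action pointed at the central box and a filter (for example `if $syslogseverity <= 3 then`) in front of it if only critical events should leave the site.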
We are using EventLog Analyzer from Manage Engine in an Enterprise account. It's very robust and reliable. Performs the job very well.