  1. #1
    Just Joined! | Join Date: May 2005 | Location: leeds | Posts: 5

    new to linux, have a project, will ask questions


    hey all!

    well i'm an almost complete beginner when it comes to linux of pretty much any type (other than a few liveCDs) but i've come up with a challenge / project that'll hopefully resolve this.

    basically what i'm going to try is to build a centralized event log monitoring system to pull all the logs from the windows servers on our network using linux and only free software. this may be expanded later on to cover IDS, but let's not get ahead of ourselves just yet!

    as far as i can see, i'm going to have to break the project down into these sections:
    find and install an OS
    find some way of pulling event logs off a win2k server
    look into database storage - i'm thinking mySQL or similar
    develop the reporting and alerting side.

    as i'm starting from fresh i could do with as many suggestions / comments as possible really, but my first questions are:

    has this been done before?
    what flavor of linux would you recommend for this kind of project?
    how demanding on the hardware do you think this would be? i've got a few soon to be retired ex-NT4 desktops that i'm thinking of using
    have i bitten off more than i can chew? lol

    Cheers, all.

    Tim.

  2. #2
    Just Joined! | Join Date: May 2005 | Location: Austin, TX | Posts: 12
    Unfortunately, I'm such a Linux newbie that I can't really help you in your endeavor, but I am curious as to why you'd want to monitor all your Windows server logs/events with a Linux box other than to simply see if it can be done?

    It would take just a few minutes to set up a custom MMC on any Windows box to view events from any Windows server. This isn't a Windows forum, though, so I'll leave that topic alone lest I be thrown into fiery brimstone.

    -- Matt

  3. #3
    bobkat357 | Just Joined! | Join Date: Apr 2005 | Location: Dallas TX | Posts: 76

    Howdy

    I solved a lot of my probs when I learned to change permissions so my user account could use the cd player etc. I am glad

  5. #4
    Just Joined! | Join Date: May 2005 | Location: leeds | Posts: 5
    Quote Originally Posted by kemis
    Unfortunately, I'm such a Linux newbie that I can't really help you in your endeavor, but I am curious as to why you'd want to monitor all your Windows server logs/events with a Linux box other than to simply see if it can be done?

    It would take just a few minutes to set up a custom MMC on any Windows box to view events from any Windows server. This isn't a Windows forum, though, so I'll leave that topic alone lest I be thrown into fiery brimstone.

    -- Matt
    cheers for the reply, kemis! you're right, i could do it in windows but that'd take no effort at all. i'd ideally like to make this a standalone system that'll not only do the monitoring but also send out alerts if something happens.... that's really the key bits, coz i'm lazy lol

    so far i'm going with a linux distro (still to be decided), winlogd for the eventlog -> syslog side, mySQL for the database and i'm thinking about throwing pandoramon in there too coz it looks very very useful. all being well, i'll have it up and running by the end of next week...... as long as nothing else breaks in the mean time!! lol

    edit: i've just been told about Sentinix for the IDS side. has anyone come across this before?
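
The pipeline settled on in post #4 (event log forwarded as syslog, stored in a database, alerts on top), sketched as an added example that is not part of the thread or any poster's code. Assumptions: lines arrive in plain RFC 3164 syslog layout (not winlogd's documented output), Python's built-in `sqlite3` stands in for MySQL so the block runs offline, and the sample lines, host names and tags are constructed.

```python
import re
import sqlite3

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss host tag: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$")

def parse_line(line):
    """Return a record dict, or None if the line is malformed."""
    m = LINE_RE.match(line)
    if m is None or int(m.group("pri")) > 191:  # max PRI: facility 23, severity 7
        return None
    rec = m.groupdict()
    rec["facility"], rec["severity"] = divmod(int(rec["pri"]), 8)
    return rec

def ingest(lines, db, alert_at=3):
    """Store parsed records; return (alerts, rejected). Severity 0 is the most urgent."""
    db.execute("CREATE TABLE IF NOT EXISTS events (ts TEXT, host TEXT, tag TEXT, "
               "facility INT, severity INT, msg TEXT)")
    alerts, rejected = [], 0
    for line in lines:
        rec = parse_line(line.rstrip("\n"))
        if rec is None:
            rejected += 1  # count, do not silently drop: a spike here is itself a signal
            continue
        # Bound parameters: message text comes from the monitored hosts, never trust it.
        db.execute("INSERT INTO events VALUES "
                   "(:ts, :host, :tag, :facility, :severity, :msg)", rec)
        if rec["severity"] <= alert_at:
            alerts.append(rec)
    db.commit()
    return alerts, rejected

# Constructed sample lines; host names, tags and message text are invented.
SAMPLE = [
    "<14>May 12 09:15:02 fileserv1 EvntSec: user logon succeeded",
    "<11>May 12 09:15:40 fileserv1 EvntSys: disk write failed on volume D",
    "<10>May  3 02:01:17 dc01 EvntSec: audit log cleared by 'svc_backup'",
    "not a syslog line at all",
    "<999>May 12 09:16:00 dc01 EvntApp: priority value out of range",
]

if __name__ == "__main__":
    alerts, rejected = ingest(SAMPLE, sqlite3.connect(":memory:"))
    for a in alerts:
        print(f"ALERT sev={a['severity']} {a['host']} {a['tag']}: {a['msg']}")
    print("rejected lines:", rejected)
```
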

  6. #5
    Just Joined! | Join Date: May 2005 | Location: Austin, TX | Posts: 12
    Well, I'll be darned. Syslogd looks pretty cool. Cool enough to bookmark and maybe follow in your footsteps one day when I'm looking for a fun project.

    Hope you get the help you need, but from the sound of your last post, it seems like you've pretty much got it figured out.

    Have fun!
    Matt

  7. #6
    Just Joined! | Join Date: May 2005 | Location: leeds | Posts: 5
    Quote Originally Posted by kemis
    Well, I'll be darned. Syslogd looks pretty cool. Cool enough to bookmark and maybe follow in your footsteps one day when I'm looking for a fun project.

    Hope you get the help you need, but from the sound of your last post, it seems like you've pretty much got it figured out.

    Have fun!
    Matt
    i think it's all down to who you ask, mate lol. gotta admit i thought i'd got it licked.... until my Sentinix install kept failing. what have i learnt from it? well, one RTFM and probably more importantly find out why the PC was spare before you start using it (duff CPU fan!!) lol

    once i've got it all up and running i'll sort out the documentation and post it up somewhere.

  8. #7
    sbn | Just Joined! | Join Date: May 2005 | Posts: 52
    I was going to suggest take a look at Nagios, but after looking at Pandora, that is a much better solution. You are correct though in using Linux, to do what you want would cost a lot of $$$ under Windows. I know of a few Windows ones such as GFI, but they are not as complete, and they cost a lot of money.

    As for hardware, I am running a system now that does monitoring, back up DNS, FTP, HTTP, Nagios, etc. on an old Compaq 500mhz P3 w/ 256MB Ram. I don't really use the GUI at all so the mem is just fine. I use Webmin to manage the system.

  9. #8
    Just Joined! | Join Date: May 2005 | Location: leeds | Posts: 5
    Quote Originally Posted by sbn
    I was going to suggest take a look at Nagios, but after looking at Pandora, that is a much better solution. You are correct though in using Linux, to do what you want would cost a lot of $$$ under Windows. I know of a few Windows ones such as GFI, but they are not as complete, and they cost a lot of money.

    As for hardware, I am running a system now that does monitoring, back up DNS, FTP, HTTP, Nagios, etc. on an old Compaq 500mhz P3 w/ 256MB Ram. I don't really use the GUI at all so the mem is just fine. I use Webmin to manage the system.
    i've got a P3 750MHz with about 256MB and a 6.5Gb hdd put aside for it, though once it's up and running i'll probably chuck some more RAM in it. hopefully that'll do the job

    I'm just getting used to not having a GUI to work with and I've gotta say it's un-nerving! i'm not only having to learn how to deal without it but also all the different commands etc. so far i've managed to get it on the network but the control panel / web interface is just coming up blank. think i might have done something wrong but can't see what. oh well, that's the fun of learning!

  10. #9
    sbn | Just Joined! | Join Date: May 2005 | Posts: 52
    After taking a strong look at Pandora yesterday and today, I have to say it needs a lot of work. First, pay attention to the docs. On several installations I had a lot of trouble importing the SQL tables (pandora_db.sql and pandora_dbstruct.sql).

    Finally, after getting the web console up and running, I find that the installation of the agents is just a horrible process. Personally for me, I do NOT need secure SSH to communicate internally here. It is just another set of hoops to jump through. Finally, I find that the visual basic script does not in fact run. I get the same error on every installation:
    Line: 304
    Char: 6
    Error: Input past end of file

    Which is frustrating as I do not know VB scripting, so debug is very painful. As of now I still can not get the script running on any Windows server.

    Truthfully, the way in which these agents are implemented is very poor and unnecessary. Problem is I have never found a decent solution for monitoring multiple services that can be viewed through a website. Most Win solutions all require software, that can export to html, but that is about it.

    Let us know how it turns out for you installing Pandora.

  11. #10
    sbn | Just Joined! | Join Date: May 2005 | Posts: 52
    graycat and to all others interested, I found this software this weekend:

    http://www.adventnet.com/

    The free edition allows 10 devices to be monitored, so if you have a small network it is perfect. Especially nice if you have any Cisco routers, firewalls and switches. So far it is the best monitoring software I have found.

    Pandora seems like it will be good, but still needs a lot of work.
