  1. #1

    LogAnalysis Tool


    Due to my semester project I am searching for a LogAnalysis tool for Linux platforms.
    The tool should offer the following functionalities:
    - support Ubuntu/Debian/CentOS
    - analyse as many system logs as possible
    - deployable for >100 servers
    - central administration on one host (preferably with a web interface)
    - notification on irregularity. The customer wishes one report per day which shows if everything is OK or, if not, contains the issues.
    The customer already runs Nagios for live monitoring, so Nagios plugins would also be possible.

    I have already found some possibly suitable tools, but maybe you can give me some additional input and field reports.


  2. #2
    Irithori (Trusted Penguin, Join Date: May 2009)
    Hi and welcome

    You are actually asking for multiple parts.
    - aggregation
    - central storage
    - analysis
    - alerting
    - reports

    Aggregation and central storage can be provided via rsyslog.
    rsyslog is a highly advanced syslog daemon and offers syslog via TCP, guaranteed delivery, high-precision time stamps, templates, etc.
    Analysis can be done with the web tool LogAnalyzer, reports via a LogAnalyzer plugin.

    As for alerts: this should be part of the monitoring solution (e.g. Nagios) and IMHO happen on each host.
    a) For performance reasons
    b) To cut out a middle man. If the central loghost should go down, this is bad enough. But there is no reason why this should also shut down the logfile based alerting.
    It is a long time since I used nagios, so unfortunately I cannot recommend a nagios plugin right away.

    rsyslog and LogAnalyzer are here:
    The enhanced syslogd for Linux and Unix rsyslog
    Adiscon LogAnalyzer - syslog web viewer, analysis and reporting tool

    Both can be used freely on unix platforms and you can purchase commercial support if you wish to.
    You must always face the curtain with a bow.
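
One way to build the daily report requested in #1 on top of the central rsyslog store described in #2, as an added example that is not from the thread and not part of rsyslog, LogAnalyzer or Nagios. It assumes the loghost writes lines with rsyslog's high-precision `RSYSLOG_FileFormat` template; the issue patterns, host names and the `daily_report` function are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# rsyslog RSYSLOG_FileFormat: "<RFC 3339 timestamp> <host> <tag>[pid]: <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) [^:\s\[]+(?:\[\d+\])?: (?P<msg>.*)$")
# Assumed patterns for "irregularities"; adapt to what the customer wants reported.
ISSUES = {
    "failed ssh login": re.compile(r"Failed password for"),
    "out of memory": re.compile(r"Out of memory"),
    "I/O error": re.compile(r"I/O error"),
}
OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin exit codes

def daily_report(lines, day, expected_hosts, crit_at=5):
    """Return (nagios_status, report_lines) for one calendar day."""
    hits, seen = defaultdict(Counter), set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the expected line format
        try:
            when = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue  # first field is not an RFC 3339 timestamp
        if when.date() != day:
            continue
        seen.add(m["host"])
        hits[m["host"]].update(n for n, rx in ISSUES.items() if rx.search(m["msg"]))
    status, report = OK, []
    for host in sorted(expected_hosts):
        if host not in seen:  # a silent host is itself an irregularity
            level, detail = WARNING, "no log lines received"
        elif hits[host]:
            level = CRITICAL if max(hits[host].values()) >= crit_at else WARNING
            detail = ", ".join(f"{n} x{c}" for n, c in sorted(hits[host].items()))
        else:
            level, detail = OK, "ok"
        status = max(status, level)
        report.append(f"{host}: {('OK', 'WARNING', 'CRITICAL')[level]} - {detail}")
    return status, report

# Constructed sample of centrally stored lines (hosts and addresses are made up).
SAMPLE = [
    "2011-05-03T02:14:07.123456+02:00 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 4022 ssh2",
    "2011-05-03T02:14:09.000321+02:00 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 4023 ssh2",
    "2011-05-03T03:00:01.500000+02:00 db01 CRON[901]: (root) CMD (run-parts /etc/cron.hourly)",
    "2011-05-02T23:59:59.999999+02:00 db01 kernel: Out of memory: Kill process 4321 (java)",
]
```

Passing the list of expected hosts is what lets the report flag a server that sent nothing that day, which a pure pattern match over the log file would miss.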

  3. #3
    Splunk could also fulfill your needs (I think). This is the link to their homepage: h t t p: //w w w. splunk. com (without the spaces then)

  4. #4

  5. #5
    Irithori (Trusted Penguin, Join Date: May 2009)
    ELSA looks quite promising, I will try it on a VM.
    Thanks for the hint
    You must always face the curtain with a bow.
