-
LogAnalysis Tool
Hello
For my semester project I am searching for a log analysis tool for Linux platforms.
The tool should offer the following functionalities:
- support Ubuntu/Debian/CentOS
- analyse as many system logs as possible
- deployable for >100 servers
- central administration on one host (preferably with a web interface)
- notification on irregularities. The customer wants one report per day that shows whether everything is OK or, if not, contains the issues.
The customer already runs Nagios for live monitoring, so Nagios plugins would also be possible.
I have already found some possibly suitable tools, but maybe you can give me some additional input and field reports.
Thanks
-
Hi and welcome
You are actually asking for multiple parts:
- aggregation
- central storage
- analysis
- alerting
- reports
Aggregation and central storage can be provided via rsyslog.
rsyslog is a highly advanced syslog daemon and offers syslog via TCP, guaranteed delivery, high-precision timestamps, templates, etc.
Analysis can be done with the web tool LogAnalyzer, reports via a LogAnalyzer plugin.
As for alerts: this should be part of the monitoring solution (e.g. Nagios) and IMHO happen on each host,
a) for performance reasons, and
b) to cut out a middle man. If the central loghost goes down, this is bad enough, but there is no reason why this should also shut down the logfile-based alerting.
It is a long time since I used nagios, so unfortunately I cannot recommend a nagios plugin right away.
rsyslog and LogAnalyzer are here:
The enhanced syslogd for Linux and Unix rsyslog
Adiscon LogAnalyzer - syslog web viewer, analysis and reporting tool
Both can be used freely on Unix platforms, and you can purchase commercial support if you wish.
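As an added example (not from any poster in this thread), a minimal rsyslog configuration for the aggregation and central-storage part described above: each server forwards its logs over TCP with a disk-assisted queue so nothing is lost while the loghost is unreachable, and the loghost stores them per client host with high-precision timestamps. It assumes rsyslog v7 or newer; the loghost name and the storage path are placeholders.

```conf
############ /etc/rsyslog.d/10-forward.conf on every client ############
# Local inputs: the systemd/syslog socket and the kernel ring buffer.
module(load="imuxsock")
module(load="imklog")

# Forward everything to the central loghost over TCP.
# queue.* gives a disk-assisted in-memory queue: messages spill to disk
# when the loghost is down and are replayed once it is back.
# action.resumeRetryCount="-1" retries forever instead of discarding.
action(type="omfwd"
       target="loghost.example.com"      # placeholder hostname
       port="514"
       protocol="tcp"
       queue.type="LinkedList"
       queue.filename="fwdq"             # spool file under $WorkDirectory
       queue.maxDiskSpace="1g"
       queue.saveOnShutdown="on"
       action.resumeRetryCount="-1")

############ /etc/rsyslog.d/10-collect.conf on the loghost #############
# Accept syslog over TCP from the clients.
module(load="imtcp")
input(type="imtcp" port="514")

# Store with RFC 3339 high-precision timestamps instead of the
# legacy "Jan  1 12:00:00" format, so events from >100 hosts can be
# ordered and correlated reliably.
$ActionFileDefaultTemplate RSYSLOG_FileFormat

# One file per sending host and program (template = rsyslog "templates").
template(name="PerHostFile" type="string"
         string="/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log")
*.* action(type="omfile" dynaFile="PerHostFile")
```

Firewalling TCP/514 to the client subnets on the loghost, and running the per-host alerting (Nagios checks) independently of this forwarding path, keeps the "no single middle man" point from the reply intact.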
-
Splunk could also fulfill your needs (I think). This is the link to their homepage: http://www.splunk.com
-
ELSA looks quite promising, I will try it on a VM.
Thanks for the hint :)