For my semester project I am searching for a log analysis tool for Linux platforms.
The tool should offer the following functionalities:
- support Ubuntu/Debian/CentOS
- analyse as many system logs as possible
- deployable for >100 servers
- central administration on one host (preferably with a web interface)
- notification on irregularities. The customer wishes one report per day which shows if everything is OK or otherwise contains the issues.
The customer already runs Nagios for live monitoring, so Nagios plugins would also be possible.
I have already found some possibly suitable tools, but maybe you can give me some additional input and field reports.
Hi and welcome
You are actually asking for multiple parts.
- central storage
Aggregation and central storage can be provided via rsyslog.
rsyslog is a highly advanced syslog daemon and offers syslog via TCP, guaranteed delivery, high-precision time stamps, templates, etc.
Analysis can be done with the web tool LogAnalyzer, reports via a LogAnalyzer plugin.
As for alerts: this should be part of the monitoring solution (e.g. Nagios) and IMHO happen on each host.
a) For performance reasons
b) To cut out a middle man. If the central log host should go down, this is bad enough, but there is no reason why this should also shut down the logfile-based alerting.
It is a long time since I used nagios, so unfortunately I cannot recommend a nagios plugin right away.
rsyslog and LogAnalyzer are here:
The enhanced syslogd for Linux and Unix rsyslog
Adiscon LogAnalyzer - syslog web viewer, analysis and reporting tool
Both can be used freely on Unix platforms, and you can purchase commercial support if you wish.
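To make the rsyslog part of this answer concrete, here is an added example (not from the original thread and not a file shipped by the rsyslog project) of a minimal two-sided configuration: the central host receives syslog over TCP into one file per sending host and program, and each monitored server forwards with a disk-assisted queue, which is what gives the "guaranteed delivery" mentioned above, using rsyslog's built-in high-precision timestamp templates. It uses RainerScript syntax (rsyslog 7 or later); the host name loghost.example.com, the file paths and the port are placeholders.

```conf
# --- Central log host (e.g. /etc/rsyslog.d/10-central.conf) ---
# Accept syslog over TCP on port 514 and route it through a dedicated ruleset,
# so remote messages never mix with this host's own /var/log files.
module(load="imtcp")
input(type="imtcp" port="514" ruleset="remote")

# Template: one file per sending host and program under /var/log/remote/.
# %HOSTNAME% and %PROGRAMNAME% are rsyslog message properties.
template(name="PerHostFile" type="string"
         string="/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log")

ruleset(name="remote") {
    # RSYSLOG_FileFormat is a built-in template that writes RFC 3339
    # high-precision (microsecond) timestamps.
    action(type="omfile" dynaFile="PerHostFile" template="RSYSLOG_FileFormat"
           dirCreateMode="0750" fileCreateMode="0640")
}

# --- Each monitored server (e.g. /etc/rsyslog.d/90-forward.conf) ---
# Forward everything over TCP in the built-in high-precision forwarding
# format. The disk-assisted queue keeps messages locally while the central
# host is unreachable and replays them when it comes back; a
# resumeRetryCount of -1 means "retry forever" rather than discarding after
# a few failed attempts. "loghost.example.com" is a placeholder.
global(workDirectory="/var/spool/rsyslog")
*.* action(type="omfwd" target="loghost.example.com" port="514" protocol="tcp"
           template="RSYSLOG_ForwardFormat"
           queue.type="LinkedList" queue.filename="fwd_loghost"
           queue.maxDiskSpace="1g" queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
```

Two things worth checking before rolling this out to a hundred hosts: the queue spool directory must exist and be writable by the rsyslog user, otherwise the disk queue silently never engages; and plain TCP carries the logs unencrypted and unauthenticated, so on anything but a trusted management network you would add rsyslog's TLS network stream driver on both sides, which this example does not show.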
Splunk could also fulfill your needs (I think). This is the link to their homepage: http://www.splunk.com
ELSA looks quite promising, I will try it on a VM.
Thanks for the hint :)