Linux - Server
This forum is for the discussion of Linux Software used in a server related context.
As per our company policy we need to store all the logs, like Application and system logs in win2k3 server, my cisco firewall logs, squid proxy etc., on a periodic basis.
Is there any mechanism to collect all the logs from various sources and store them in a readable format?
Can anyone tell me what is the best possible method to store all these logs, and how corporates are managing it?
for a real slick solution for a small / medium sized business, check out splunk. it's very clever and intuitive, and *very* web2.0 if you know what that means. you'd just tell it to listen on a tcp and udp port, 514 for default syslog and tell all devices to send syslog to it. to get windows to send syslog from event logs, check out a tool called snare. if you wish to read other log files, mount that file system on your linux server, using nfs, samba or whatever... and then tell splunk to read the files itself and watch for changes.
for a more traditional syslog, syslog-ng is also very very good, especially when coupled with php-syslog-ng. here, rather than feeding events into a database, you would be looking to store into flat files, potentially directory structured on date, hostname etc...
Last edited by acid_kewpie; 10-23-2007 at 04:14 AM.
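The flat-file layout described in the post above (syslog received on port 514 over UDP and TCP, stored in a directory structure by hostname and date), as an added syslog-ng configuration that is not part of the original thread. The `@version` line, the `/var/log/remote` path and the connection limit are assumptions, and the `network()` driver needs syslog-ng 3.4 or later.

```conf
# Assumption: adjust to the syslog-ng version actually installed.
@version: 3.38

options {
    # Name each host by the address the message arrived from, not by the
    # hostname field inside the message, which the sender controls.
    keep-hostname(no);
    # No DNS lookups: ${HOST} becomes the sender's IP address, so the
    # directory name cannot be influenced through DNS.
    use-dns(no);
    # Create per-host and per-date directories on demand, with
    # permissions that keep the collected logs away from ordinary users.
    create-dirs(yes);
    dir-perm(0750);
    perm(0640);
};

# Listen on the default syslog port over both transports.
source s_net {
    network(transport("udp") port(514));
    network(transport("tcp") port(514) max-connections(100));
};

# One directory per host, one file per day. The R_ macros use the time
# the collector received the message, so a device with a wrong clock
# cannot scatter its logs across arbitrary dates.
destination d_per_host {
    file("/var/log/remote/${HOST}/${R_YEAR}/${R_MONTH}/${R_DAY}.log");
};

log {
    source(s_net);
    destination(d_per_host);
};
```

Plain syslog on port 514 is unauthenticated and unencrypted, so restrict the listener with a host firewall to the devices that are meant to send to it.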
I have recently installed syslog-ng. It stores the event logs of my servers, routers, n/w printers and n/w switches.
I use phpsyslog-ng as the web frontend for viewing the logs through web.
The system is working perfectly and meets all my reqs.
As per our company policy we need to store all the logs, like Application and system logs in win2k3 server, my cisco firewall logs etc., on a periodic basis.
Is there any mechanism to collect all the logs from various sources and store them in a readable format?
Can anyone tell me what is the best possible method to store all these logs, and how corporates are managing it?
for a real professional solution (whilst remaining free on certain forms of implementation) i'd very very strongly urge you to look at splunk - splunk.com. if you do wish to stay within a genuine syslog solution all the way, then syslog-ng provides a good simple framework for receiving syslog and storing well. php-syslog-ng can also then serve as a good front end for it.
well if you want to analyse the users and things, splunk is a perfect tool for that too. you can use specific tools like sarg to analyse them, but if a generic tool can do the job with a touch more complexity, it should be hard to ignore.
exporting all the eventlogs from windows to a listening syslog daemon: use evtsys. easy to configure, easy to install, does that.
cisco ios and catos have a mechanism to specify a loghost, but I don't know what it is offhand.
squid proxy server logs ... dunno if that supports logging to syslog. If it does, then you can collect all your logs in one place and make sense of them fairly trivially with syslog-ng, evtsys, and the builtin features of your various things you want to log.