Hi All

As per our company policy we need to store all the logs likes in Application, system logs in win2k3 server, my cisco firewall logs, squid proxy etc on periodical basis.

Is there any mechanism, to collect all the logs from various sources and storing in a readable format.

Can anyone tell me what is the best possible method to store all these logs, and how corporates managing it.

Regards
Sakthi

for a real slick solution for a small / medium sized business, check out splunk. it's very clever and intuitive, and *very* web2.0 if you know what that means. you'd just tell it to listen on a tcp and udp port, 514 for default syslog and tell all devices to send syslog to it. to get windows to send syslog from event logs, check out a tool called snare. if you wish to read other log files, mount that file system on your linux server, using nfs, samba or whatever... and then tell splunk to read the files itself and watch for changes.

for a more traditional syslog, syslog-ng is also very very good, especially when coupled with php-syslog-ng. here, rather than feeding events into a database, you would be looking to store into flat files, potentially directory structured on date, hostname etc...

I have recently installed syslog-ng. It store the event logs of my servers, routers, n/w printers and n/w switches.
I use phpsyslog-ng as the web frontend for viewing the logs through web.
The system is working perfectly and meets all my reqs.

Give it a shot.

Hi All

As per our company policy we need to store all the logs likes in Application, system logs in win2k3 server, my cisco firewall logs etc on periodical basis.

Is there any mechanism, to collect all the logs from various sources and storing in a readable format.

Can anyone tell me what is the best possible method to store all these logs, and how corporates managing it.

Regards
Sakthi

for a real professional solution (whilst remaining free on certain forms of implementation) i'd very very strongly urge you to look at splunk - splunk.com if you do wish to stay within a genuine syslog solution all the way, then syslog-ng provides a good simple framswork for recieving syslog and storing well. php-syslog-ng can also then serve as a good front end for it.

Thanks for the reply, also I am looking to capture my squid proxy server logs. I just need to user readable format.

well if you want to analyse the users and things, splunk is a perfect tool for that too. you can use specific tools like sarg to analyse them, but if a generic tool can do the job with a touch more complexity, it should be hard to ignore.

exporting all the eventlogs from windows to a listening syslog daemon: use evtsys. easy to configure, easy to install, does that.

cisco ios and catos have a mechanism to specify a loghost, but I don't know what it is offhand.

squid proxy server logs ... dunno if that supports logging to syslog. If it does, then you can collect all your logs in one place and make sense of them fairly trivially with syslog-ng, evtsys, and the builtin features of your various things you want to log.