Yes. Logstash shipper on your syslog proxy, forward to elasticsearch. Graylog2 
is very cool. Tried kibana and didn't care for it.

Actually setting up graylog2 right now to do AD authentication.  

So workflow is

End device -> syslog-ng vm -> graylog2/elasticsearch vm and other destinations 
(IT corp security cloud for stuff they want to track, observium for anything 
matching my network gear hostname pattern, etc).

I have the middle syslog-ng box so I can have great control over where certain 
hosts ultimately send data. However, that system can be used in any template; if 
I don't filter, it just gets dumped to graylog.

Kevin Stone <kst...@inetlabs.net> wrote:
>Look at Logstash, http://logstash.net.
>
>Rsyslog can do a bit, on Windows you could look at the Solarwinds Kiwi
>syslog server.
>
>
>On Thu, Aug 29, 2013 at 9:10 AM, Jason Biel <ja...@biel-tech.com> wrote:
>
>> You should look into SPLUNK (http://www.splunk.com/), it will
>> collect/store your syslog data and you can run customized reports
>> and then act on them.
>>
>>
>> On Thu, Aug 29, 2013 at 8:03 AM, Kasper Adel <karim.a...@gmail.com> wrote:
>>
>> > Hello.
>> >
>> > I am looking for a way to do proactive monitoring of my network,
>> > what I am specifically thinking about is receiving syslog msgs
>> > from the routers and the backend engine would correlate certain
>> > msgs with output/data that I am receiving through SSH/telnet
>> > sessions. What I am after is not exposed to SNMP so I need to do
>> > it on my own.
>> >
>> >
>> > I am sure there are many tools that can do parsing of syslog and
>> > acting upon it but I wonder if there is something more flexible
>> > out there that I can just re-use to do the above? Please point me
>> > to known public or home-grown scripts in use to achieve this.
>> >
>> > Regards,
>> >
>> > Sam
>> >
>>
>>
>>
>> --
>> Jason
>>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
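
A sketch of the relay layout described in the top message, written as a syslog-ng configuration. This is an added example, not the poster's actual configuration. The version line, host names, ports, the hostname pattern and the security filter are all assumptions, and it assumes every message also goes to Graylog whether or not another path matched it.

```conf
@version: 3.5

# Receive syslog from end devices on the relay VM.
source s_net {
    network(ip("0.0.0.0") port(514) transport("udp"));
    network(ip("0.0.0.0") port(514) transport("tcp"));
};

# Hypothetical naming convention for network gear: rtr-*, sw-*, fw-*.
filter f_netgear { host("^(rtr|sw|fw)-"); };

# Hypothetical selection of what the corporate security team tracks.
filter f_security { facility(auth, authpriv) or level(warning..emerg); };

# Placeholder destinations; replace names and ports with your own.
destination d_graylog   { network("graylog.example.net"   port(1514) transport("udp")); };
destination d_observium { network("observium.example.net" port(514)  transport("udp")); };
destination d_security  { network("seclogs.example.net"   port(514)  transport("tcp")); };

# Network gear is copied to Observium.
log { source(s_net); filter(f_netgear);  destination(d_observium); };

# Security-relevant events are copied to the corporate collector.
log { source(s_net); filter(f_security); destination(d_security); };

# No filter here: anything the relay receives is dumped to Graylog,
# so a new device pointed at the relay is searchable without extra rules.
log { source(s_net); destination(d_graylog); };
```

Because each `log` path is evaluated independently, a message from a router can reach Observium, the security collector and Graylog at once. `syslog-ng --syntax-only` checks the file before a reload.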
