Greetings, I'm searching for a central syslog server with web access. The messages should be stored in a database (Oracle would be great). The server should have the following features:

- delete old messages after a period of time (errors and warnings should live longer than notifications)
- drop certain messages I don't want to store in the database
- filter messages by source and severity
- search in messages
- save searches
- multi-user capability

As a first step I just want to capture logs from a Cisco ASA (VPN server) to troubleshoot when a user failed to establish a VPN connection to the LAN (e.g. unstable internet connection, wrong or expired certificate), but I want to be able to add more syslog sources in the future.

I already tested Kiwi Syslog + Sawmill, but Sawmill seems to be more of a reporting tool. The problem with reports is that some messages generated by the ASA device are actually related to a user but don't have the user's name in the message text. So if I get "Certificate chain failed validation. Certificate chain is either invalid or not authorized", I need to look at the following message "Group = XXX, IP = x.x.x.x, Peer Certificate authentication failed: General Error" to know whose certificate was invalid. That's why I want to search through the raw logs rather than use a reporting tool.

Next thing I tested was syslog-ng + php-syslog-ng, which has the ability to show explanations of some messages but uses a local MySQL database.

Now I've installed Splunk. Splunk seems to have many features, so if you know that it will fulfill my needs or if you know a better tool, please let me know.

Background: completing this project is part of my study, and this is my first post to the list.

-Stefan

_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
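The correlation Stefan describes (pairing the user-less "Certificate chain failed validation" message with the following "Group = ..., IP = ..." message), together with the severity-based retention and drop rules from his feature list, as an added example in Python. This is not code from the post or from any of the tools named in it; the sample log lines are constructed, and the six-digit ASA message ids in them are placeholders, not real ids.

```python
import re
from dataclasses import dataclass

# Constructed sample ASA syslog lines. The severity digit follows the real
# %ASA-<severity>-<id> convention; the six-digit message ids are placeholders.
SAMPLE_LOGS = """\
Mar 10 10:01:02 asa1 %ASA-6-000001: Built inbound TCP connection 1234 for outside:198.51.100.5/443
Mar 10 10:01:05 asa1 %ASA-3-000002: Certificate chain failed validation. Certificate chain is either invalid or not authorized.
Mar 10 10:01:05 asa1 %ASA-3-000003: Group = RemoteUsers, IP = 203.0.113.7, Peer Certificate authentication failed: General Error
Mar 10 10:01:09 asa1 %ASA-6-000004: Group = RemoteUsers, Username = bob, IP = 203.0.113.9, Session established
"""
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) %ASA-(?P<sev>\d)-(?P<id>\d+): (?P<text>.*)$")
CTX_RE = re.compile(r"Group = (?P<group>[^,]+), IP = (?P<ip>[\d.]+)")
NOISY_IDS = {"000001"}  # message ids not worth storing (placeholder choice)

@dataclass
class Event:
    ts: str
    host: str
    sev: int
    msg_id: str
    text: str

def parse(raw):
    # Turn raw syslog text into Event objects; lines that do not parse are skipped.
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(Event(m["ts"], m["host"], int(m["sev"]), m["id"], m["text"]))
    return events

def retention_days(sev):
    # Errors (0-3) and warnings (4) are kept longer than notifications (5-7).
    return 365 if sev <= 4 else 30

def should_drop(ev):
    return ev.msg_id in NOISY_IDS

def correlate_cert_failures(events):
    # A certificate-validation failure names no user, so pair it with the next
    # message from the same device that carries Group/IP context.
    findings = []
    for i, ev in enumerate(events):
        if "Certificate chain failed validation" not in ev.text:
            continue
        for nxt in events[i + 1:]:
            if nxt.host == ev.host and (m := CTX_RE.search(nxt.text)):
                findings.append({"ts": ev.ts, "group": m["group"], "ip": m["ip"], "reason": nxt.text})
                break
    return findings
```

Running `correlate_cert_failures(parse(SAMPLE_LOGS))` on the constructed input attributes the failure to group RemoteUsers at 203.0.113.7, which is the lookup the raw-log search is meant to replace.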
