I've been eyeing rsyslogd + phplogcon as an open source alternative to Splunk, but haven't had the time to play with it yet.
http://www.rsyslog.com/ and http://www.phplogcon.org/

If you end up using them let me know, I'd be interested to hear about it.

Brandon

On Tue, Mar 10, 2009 at 9:04 AM, Stefan Schulte <[email protected]> wrote:
> Greetings,
>
> I'm searching for a central syslogserver with webaccess. The messages
> should be stored in a database (oracle would be great). The server should
> have the following features:
>
> - delete old messages after a period of time (errors and warnings should
>   live longer than notifications)
> - drop certain messages I don't want to store in the database
> - filter messages by source and severity
> - search in messages
> - save searches
> - multi-user capability
>
> As a first step I just want to capture logs from a Cisco ASA (VPN Server)
> to troubleshoot when a user failed to establish a vpn-connection to the LAN
> (eg unstable internet connection, wrong or expired certificate) but I want
> to be able to add more syslogsources in the future.
>
> I already tested kiwisyslog + sawmill but sawmill seems to be more a
> reporting tool. The problem with reports is that some messages generated by
> the ASA device are actually related to a user but don't have the user's name
> in the message text. So if I get
> "Certificate chain failed validation. Certificate chain is either invalid
> or not authorized"
> I need to look at the following message
> "Group = XXX, IP = x.x.x.x, Peer Certificate authentication failed: General
> Error" to know whose certificate was invalid.
>
> That's why I want to search through the raw logs rather than a reporting
> tool. Next thing I tested was syslogng + phpsyslogng which has the ability
> to show explanations of some messages but uses a local mysql-Database. Now
> I've installed splunk. Splunk seems to have many features so if you know
> that it will fulfill my needs or if you know a better tool please let me
> know.
>
> Background: To complete this project is part of my study and this is my
> first post to the list.
>
> -Stefan
>
> _______________________________________________
> Tech mailing list
> [email protected]
> http://lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
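Added example, not part of the original thread and not code from rsyslog, phpLogCon or Splunk: a small Python correlator for the case described in the question, where the "Certificate chain failed validation" message names no user and the following "Group = ..., IP = ..." message has to be read alongside it. The line framing, host name, IP addresses and the 5-second pairing window are assumptions made for the example; only the two message texts come from the post.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in a simplified "timestamp host message" framing.
# Message texts are the two quoted in the post; hosts and IPs are made up.
SAMPLE = """\
Mar 10 09:01:12 asa-vpn Certificate chain failed validation. Certificate chain is either invalid or not authorized
Mar 10 09:01:12 asa-vpn Group = XXX, IP = 192.0.2.10, Peer Certificate authentication failed: General Error
Mar 10 09:05:40 asa-vpn Certificate chain failed validation. Certificate chain is either invalid or not authorized
Mar 10 09:09:03 asa-vpn Group = YYY, IP = 192.0.2.77, Peer Certificate authentication failed: General Error
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
PEER = re.compile(r"Group = ([^,]+), IP = ([\d.]+), Peer Certificate authentication failed")
CHAIN = "Certificate chain failed validation"
WINDOW = timedelta(seconds=5)  # assumed: how far apart the pair may be logged


def correlate(text, year=2009):
    """Attach Group/IP from the follow-up message to each chain failure."""
    pending = {}   # host -> time of a chain failure still waiting for its pair
    events = []

    def emit(ts, host, group=None, ip=None):
        events.append({"time": ts.isoformat(), "host": host, "group": group, "ip": ip})

    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        host, msg = m.group(2), m.group(3)
        peer = PEER.search(msg)
        if CHAIN in msg:
            if host in pending:                 # previous failure never got a pair
                emit(pending[host], host)
            pending[host] = ts
        elif peer and host in pending:
            first = pending.pop(host)
            if ts - first <= WINDOW:
                emit(first, host, peer.group(1), peer.group(2))
            else:                               # too late to be the same attempt
                emit(first, host)
    for host, ts in pending.items():            # failures left unmatched at EOF
        emit(ts, host)
    return events


if __name__ == "__main__":
    for e in correlate(SAMPLE):
        print(e)
```

Failures that find no follow-up message inside the window are still reported, with `group` and `ip` left empty, so they show up for manual review in the raw logs.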
