At http://www.syslogappliance.de/de I found a VMWare-Image which contains a debian with rsyslog and phplogcon. A demo of phplogcon can be found here: http://demo.phplogcon.org/index.php
It doesn't look too bad, but if I want to drop certain messages I have to know how to do that with rsyslog (config is different from syslogng). Is there a way to tell rsyslog to log to an oracledb and to tell phpsyslogcon to get messages from there? And the fact that long messages are getting cropped instead of line-wrapping or horizontal scrolling is really annoying, but maybe you can customize that?

What I really love about phpLogCon so far is the function "Back to unfiltered view with this message at top" after you've searched for something. Let me just show you an example log sequence:

  %ASA-6-717022: Certificate was successfully validated. serial number: XXXXXXXXXXXXXXXXXXXX, subject name: cn=surname\, forename\, ou=Anwender,dc=de.
  %ASA-5-713119: Group = VPN-Group, Username = [email protected], IP = xx.xx.xx.xx, PHASE 1 COMPLETED

Here I would search for the mail address of the user (which gives me message 2) and then reset the filter and still have the focus on that message, so I can now see message 1 and other messages during user logon. That's what seems to be an impossible task for most syslog GUIs?

On Tue, Mar 10, 2009 at 09:31:30AM -0700, Brandon Burton wrote:
> I've been eyeing rsyslogd + phplogcon as an open source alternative to
> Splunk, but haven't had the time to play with it yet.
>
> http://www.rsyslog.com/ and http://www.phplogcon.org/
>
> If you end up using them let me know, I'd be interested to hear about it.
>
> Brandon
>
> On Tue, Mar 10, 2009 at 9:04 AM, Stefan Schulte
> <[email protected]> wrote:
>
> > Greetings,
> >
> > I'm searching for a central syslog server with web access. The messages
> > should be stored in a database (oracle would be great). The server should
> > have the following features:
> >
> > - delete old messages after a period of time (errors and warnings should
> >   live longer than notifications)
> > - drop certain messages I don't want to store in the database
> > - filter messages by source and severity
> > - search in messages
> > - save searches
> > - multi-user capability
> >
> > As a first step I just want to capture logs from a Cisco ASA (VPN Server)
> > to troubleshoot when a user failed to establish a vpn-connection to the LAN
> > (e.g. unstable internet connection, wrong or expired certificate), but I want
> > to be able to add more syslog sources in the future.
> >
> > I already tested kiwisyslog + sawmill, but sawmill seems to be more a
> > reporting tool. The problem with reports is that some messages generated by
> > the ASA device are actually related to a user but don't have its name in
> > the message text. So if I get
> > "Certificate chain failed validation. Certificate chain is either invalid
> > or not authorized"
> > I need to look at the following message
> > "Group = XXX, IP = x.x.x.x, Peer Certificate authentication failed: General
> > Error" to know whose certificate was invalid.
> >
> > That's why I want to search through the raw logs rather than a reporting
> > tool. Next thing I tested was syslogng + phpsyslogng, which has the ability
> > to show explanations of some messages but uses a local mysql-Database. Now
> > I've installed splunk. Splunk seems to have many features, so if you know
> > that it will fulfill my needs or if you know a better tool please let me
> > know.
> >
> > Background: To complete this project is part of my study and this is my
> > first post to the list.
> >
> > -Stefan
> >
> > _______________________________________________
> > Tech mailing list
> > [email protected]
> > http://lopsa.org/cgi-bin/mailman/listinfo/tech
> > This list provided by the League of Professional System Administrators
> > http://lopsa.org/
