Analysis of logs and alerting
Hi,

I am implementing a syslog-ng centralized correlation server. The server receives the log entries from some servers, apps and devices.

Is there any good product (commercial or open-source) with GUI or web interface to analyze these logs and give real time alerts with strong data mining tools? I need a tool which could be used by both help desk non-technical staff and technical engineers. It should give basic alerting on applications' or devices' failures first for help desk, and then engineers could dig deeper into these alerts to understand the problem.

Kind regards
Check the archives of this mailing list, as you will find many examples of products like what you are looking for. Please use Google too -- you will find results. Off the top of my head, there is php-syslog-ng and plone. Look here: http://www.syslog.org/index.php?name=Web_Links&req=MostPopular

I will give you my opinion that there are not enough commercial products that fill this need. Most organizations, including some of my past employers, build their own syslog correlation and alerting systems.

Muath Al Khalaf wrote:
Hi,
I am implementing a syslog-ng centralized correlation server. The server receives the log entries from some servers, apps and devices.
Is there any good product (commercial or open-source) with GUI or web interface to analyze these logs and give real time alerts with strong data mining tools? I need a tool which could be used by both help desk non-technical staff and technical engineers. It should give basic alerting on applications' or devices' failures first for help desk, and then engineers could dig deeper into these alerts to understand the problem.
Kind regards
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
--
# Jesse Molina
# Mail = jesse@opendreams.net
# Page = page-jesse@opendreams.net
# Cell = 1.602.323.7608
# Web = http://www.opendreams.net/jesse/
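Jesse's point that most shops end up building their own syslog correlation and alerting is easy to illustrate. The following is an added example, not code from this thread or from syslog-ng: a small Python pass that reads BSD-format syslog lines (the layout a syslog-ng file destination writes), applies a couple of hypothetical threshold rules per host, and produces a plain-language summary for the help desk plus the raw matching lines for an engineer, which is the two-tier split Muath asked for. The sample log lines, host names, rules and thresholds are all constructed for illustration.

```python
"""Added example: a small syslog correlation and alerting pass in Python.

Not code from the thread or from syslog-ng; the log lines, host names,
rules and thresholds below are all constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample input in BSD syslog layout (timestamp, host, message),
# the layout a syslog-ng file destination writes by default.
SAMPLE_LOG = """\
May 21 14:01:02 web01 httpd[1234]: [error] (28)No space left on device: failed to write log
May 21 14:01:05 web01 httpd[1234]: [error] (28)No space left on device: failed to write log
May 21 14:01:09 web01 httpd[1234]: [error] (28)No space left on device: failed to write log
May 21 14:02:11 db01 postgres[551]: LOG: checkpoint complete
May 21 14:03:40 core-sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
May 21 14:03:41 core-sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
May 21 14:10:00 web02 sshd[77]: Failed password for invalid user admin from 10.0.0.9 port 4022 ssh2
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$"
)

# Hypothetical rules: a pattern, how many matches within `window` seconds
# count as a failure, and a one-line summary written for the help desk.
RULES = [
    {"name": "disk_full", "pattern": re.compile(r"No space left on device"),
     "threshold": 3, "window": 300,
     "summary": "Application on {host} cannot write to disk (disk full?)"},
    {"name": "link_down", "pattern": re.compile(r"changed state to down"),
     "threshold": 1, "window": 0,
     "summary": "Network interface on {host} went down"},
]


def parse(text):
    """Split raw lines into (timestamp, host, message, raw line) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real collector would count these too
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")  # year-less BSD timestamp
        events.append((ts, m.group("host"), m.group("msg"), line))
    return sorted(events)


def correlate(text, rules=RULES):
    """Return one alert per (rule, host) burst whose threshold is reached in the window."""
    alerts = []
    recent = defaultdict(deque)  # (rule name, host) -> matching events still in window
    for ts, host, msg, raw in parse(text):
        for rule in rules:
            if not rule["pattern"].search(msg):
                continue
            q = recent[(rule["name"], host)]
            while q and (ts - q[0][0]).total_seconds() > rule["window"]:
                q.popleft()  # drop matches that fell out of the window
            q.append((ts, raw))
            if len(q) >= rule["threshold"]:
                alerts.append({
                    "rule": rule["name"],
                    "host": host,
                    "count": len(q),
                    "first_seen": q[0][0].strftime("%b %d %H:%M:%S"),
                    "summary": rule["summary"].format(host=host),
                    "evidence": [line for _, line in q],  # raw lines for the engineer
                })
                q.clear()  # one alert per burst, not one per extra line
    return alerts


def helpdesk_view(alerts):
    """Tier 1: just the plain-language summary per alert."""
    return [a["summary"] for a in alerts]


def engineer_view(alerts):
    """Tier 2: the same alerts keyed by rule@host, with the raw lines that triggered them."""
    return {a["rule"] + "@" + a["host"]: a["evidence"] for a in alerts}


if __name__ == "__main__":
    found = correlate(SAMPLE_LOG)
    for text in helpdesk_view(found):
        print("ALERT:", text)
    for key, lines in engineer_view(found).items():
        print(key, "->", len(lines), "matching lines")
```

The single failed SSH password on web02 matches no rule and raises nothing; a real rule set would threshold that too. Clearing the window after an alert is the choice that keeps the help desk from seeing one ticket per repeated line.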
You might also look into loglogic. I've only just begun to eval them, but so far, it looks fairly solid.

-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Jesse Molina
Sent: Sunday, May 21, 2006 2:40 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Analysis of logs and alerting

Check the archives of this mailing list, as you will find many examples of products like what you are looking for. Please use Google too -- you will find results. Off the top of my head, there is php-syslog-ng and plone. Look here: http://www.syslog.org/index.php?name=Web_Links&req=MostPopular

I will give you my opinion that there are not enough commercial products that fill this need. Most organizations, including some of my past employers, build their own syslog correlation and alerting systems.

Muath Al Khalaf wrote:
Hi,

I am implementing a syslog-ng centralized correlation server. The server receives the log entries from some servers, apps and devices.

Is there any good product (commercial or open-source) with GUI or web interface to analyze these logs and give real time alerts with strong data mining tools? I need a tool which could be used by both help desk non-technical staff and technical engineers. It should give basic alerting on applications' or devices' failures first for help desk, and then engineers could dig deeper into these alerts to understand the problem.

Kind regards
From time to time we fill up the disk space where we are writing log files. syslog-ng's statistics do not include dropped items for file-type statistics. I have not tested all destination types to verify if dropped statistics get generated for them, but I would expect stats for all destinations.

This may make the stats record very large, so you could add an option zero_drop_stats yes/no to remove those destinations with zero drops. Another approach is to log the stat for each dest/source/drop/process as a separate message, or have an option individual_stat_messages yes/no.

Evan.
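Evan's observation is that a full disk under a file destination leaves no trace in the "Log statistics;" message, so a monitor that only reads those counters will miss it. The following is an added example, not code from this thread or from syslog-ng: it parses one stats line into dropped/processed counters, reports the drivers that did drop messages, lists the destinations that have no dropped counter at all, and pairs that with a free-space check on the directories the file destinations write to. The sample line is constructed in the name='key=value' layout that syslog-ng 2.x emits (an assumption to verify against your version); the destination names and directories are hypothetical.

```python
"""Added example: read a syslog-ng "Log statistics;" line and pair it with a
free-space check, because file destinations carry no dropped counter.

Not code from the thread or from syslog-ng. The sample line below is
constructed in the name='key=value' layout emitted by syslog-ng 2.x (an
assumption to check against your version); names and paths are hypothetical.
"""
import re
import shutil

# Constructed sample stats message: two drivers report dropped counters, the
# file destination d_files only appears under processed=.
SAMPLE_STATS = (
    "May 21 14:20:00 logserver syslog-ng[2201]: Log statistics; "
    "dropped='tcp(AF_INET(10.0.0.1:514))=0', "
    "dropped='program(/usr/local/bin/alerter)=12', "
    "processed='center(queued)=1534', processed='center(received)=767', "
    "processed='destination(d_files)=767', processed='destination(d_alerter)=767', "
    "processed='source(s_net)=767'"
)

COUNTER_RE = re.compile(r"(\w+)='([^']+?)=(\d+)'")  # kind='key=value'


def parse_stats(line):
    """Return {'dropped': {key: n}, 'processed': {key: n}} or None if not a stats line."""
    if "Log statistics;" not in line:
        return None
    stats = {"dropped": {}, "processed": {}}
    for kind, key, value in COUNTER_RE.findall(line):
        stats.setdefault(kind, {})[key] = int(value)
    return stats


def drops(stats):
    """Counters that actually dropped messages during the last stats interval."""
    return {k: v for k, v in stats["dropped"].items() if v > 0}


def destinations_without_drop_counter(stats):
    """Destinations seen under processed= with no dropped= counter of their own.
    File destinations land here: a full disk is invisible in the stats line."""
    return [k for k in stats["processed"]
            if k.startswith("destination(") and k not in stats["dropped"]]


def free_space_ok(path, min_free_fraction):
    """True when the filesystem holding `path` keeps at least min_free_fraction free."""
    usage = shutil.disk_usage(path)
    return usage.free / usage.total >= min_free_fraction


def report(line, file_dirs, min_free_fraction=0.05):
    """Combine the stats counters with a disk check on the file destinations' directories."""
    stats = parse_stats(line)
    if stats is None:
        return None
    return {
        "drops": drops(stats),
        "no_drop_counter": destinations_without_drop_counter(stats),
        "disk_ok": {d: free_space_ok(d, min_free_fraction) for d in file_dirs},
    }


if __name__ == "__main__":
    # "." stands in for the hypothetical directory behind destination(d_files).
    r = report(SAMPLE_STATS, ["."])
    print("dropping drivers:", r["drops"])
    print("destinations with no dropped counter:", r["no_drop_counter"])
    print("disk check:", r["disk_ok"])
```

The free-space threshold and the directory list are the parts you would feed from your own configuration; the stats parser is the part Evan's message shows cannot be relied on alone for file destinations.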
participants (4)
- Dukes Clayton
- Evan Rempel
- Jesse Molina
- Muath Al Khalaf