[syslog-ng] a bit [offtopic] but may not. syslog search solution for free
Peter Czanik (pczanik)
Peter.Czanik at oneidentity.com
Tue Sep 17 08:01:40 UTC 2019
Hi,
These are not my personal experiences, but come from talking to thousands of syslog-ng users at different events:
* Many are happy with grep and hate anything with a GUI. It works relatively well, if you have many small log files (separated by date, host, application, etc.), but if you have lots of logs, you can't avoid message parsing and indexing for efficient search.
* Splunk is one of the most popular destinations with syslog-ng. OSE users tend to use the free version, which can index up to 500MB of logs a day.
* Elasticsearch is the other most popular destination. With the latest version most of the security features are included in the open source version for free, so it does not need 3rd party extensions or a commercial license any more.
* Graylog is also getting popular among syslog-ng users. We can feed it with structured log messages in multiple ways: either GELF or JSON. Free, open source, but commercial extensions and support are available.
* I did not test recently, but Security Onion is a nice security analytic platform which also includes log management with analysis, dashboards, etc. It's free, open source, but commercial support is available.
* Logzilla is focused on Cisco network devices and automation but also works for generic log management. It is commercial software, but a free version is also available.
Of course, any time indexing and a GUI are involved you need some extra hardware compared to syslog-ng, so it is definitely more expensive even if you go with the free versions.
Bye,
Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik
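The destinations Peter lists above in one syslog-ng OSE configuration, as an added example that is not part of the thread or of the syslog-ng project's own documentation. It keeps the per-host flat files that grep users rely on, feeds Graylog over GELF with the SCL `graylog2()` destination, and ships the same messages as JSON to Elasticsearch over HTTPS with `elasticsearch-http()` (available from syslog-ng 3.21). The version line, hostnames, CA path and the account are assumptions; the password is a placeholder.

```conf
@version: 3.22
@include "scl.conf"

# Collect from the network: RFC3164 over UDP/514 and RFC5424 over TCP/601.
source s_network {
    network(ip("0.0.0.0") port(514) transport("udp"));
    syslog(ip("0.0.0.0") port(601) transport("tcp"));
};

# Keep the plain-file archive that the NFS/grep users already search,
# one directory per host and one file per day.
destination d_archive {
    file("/var/log/remote/${HOST}/${YEAR}-${MONTH}-${DAY}.log" create-dirs(yes));
};

# Graylog GELF TCP input (assumed hostname). The SCL graylog2() destination
# renders each message as GELF JSON and NUL-terminates it for the TCP input.
destination d_graylog {
    graylog2(host("graylog.example.internal") port(12201) transport("tcp"));
};

# Elasticsearch bulk API over HTTPS (assumed hostname, account and CA file),
# one index per day so old indices can be dropped by retention policy.
destination d_elastic {
    elasticsearch-http(
        url("https://elastic.example.internal:9200/_bulk")
        index("syslog-${YEAR}.${MONTH}.${DAY}")
        type("")
        user("syslog-ng") password("CHANGE-ME-placeholder")
        # RFC5424 fields plus parsed name-value pairs as JSON, with an
        # ISO 8601 @timestamp that Kibana can use as the time field.
        template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE @timestamp=${ISODATE})")
        tls(ca-file("/etc/syslog-ng/ca.d/elastic-ca.pem"))
    );
};

# Every network message goes to all three destinations.
log {
    source(s_network);
    destination(d_archive);
    destination(d_graylog);
    destination(d_elastic);
};
```

Run `syslog-ng --syntax-only` after editing to catch typos before reloading; the file archive still works if Graylog or Elasticsearch is unreachable, since each destination buffers independently.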
________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Pal, Laszlo <vlad at vlad.hu>
Sent: Tuesday, September 17, 2019 9:16 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: [syslog-ng] a bit [offtopic] but may not. syslog search solution for free
Hi,
Our new central syslog collect-and-store system is almost complete, and finally it is based on syslog-ng OSE. The only issue I want to solve is how to present those logs to the users. Originally I thought it would be enough if they got the directories as NFS exports and could use their favourite grep to search the files, but I thought maybe I could implement some more user-friendly solution.
In the planning phase of the project, I tested various solutions including Graylog, ELK and, of course, I'm aware of the beauty of SSB :), but all of these solutions are too expensive for this project.
Then I thought that if I forward the logs to some database (SQL or NoSQL), I could try to find some very simple frontend for that DB that provides a simple search interface for those logs. Nothing fancy is required, but AD auth should be an option.
I'm sure I'm not the only one facing this issue, so I hope someone in the community can share some previous experience on this.
Thanks
Vlad