Question

Syslog

  • March 6, 2013
  • 13 replies
  • 40 views


Anyone here using a Syslog server? Thoughts? Complaints?

(I've been tasked with investigating the implementation of one. We're looking at Splunk right now as an org-wide solution.)

13 replies

  • Contributor
  • March 6, 2013

I implemented a syslog server last year. So far it's been great. We were looking at Splunk before, but I went with an open source solution, called Graylog2. They just released a new version recently, but I have yet to check it out. It took a while to get this working, but once I did it has been nothing but great. It's probably the best open source syslog solution out there, in my opinion. www.graylog2.org


  • Author
  • Esteemed Contributor
  • March 6, 2013

Glad to know it's possible! I need to find out more about Splunk as it's the solution "upstairs" is leaning to.


  • Valued Contributor
  • March 6, 2013

We use a syslog server though I don't know what it is. Our Risk folks wanted Casper plugged into it so they could see when a decryption key was recovered and follow up with the person who did it. Works a treat.



Look at:

http://logstash.net for log collection
and
http://kibana.org for a web UI

It's better than Splunk and open source.

a demo: http://demo.logstash.net


  • Contributor
  • March 7, 2013

I'm looking at Kibana right now. It looks pretty good. I may be switching to this. Thanks for sharing.


  • Author
  • Esteemed Contributor
  • March 7, 2013

Great responses everyone! Too bad it's not my decision which product will eventually be used :( I just have to "make it work (tm)".


  • New Contributor
  • March 11, 2013

LogZilla is an alternative to Splunk. There is a free version for small networks, and other versions run about 3% of the cost of Splunk.


  • Contributor
  • March 18, 2013

Thanks for the ideas everyone. I have checked out Splunk in the past as well. I just don't want to have it reach the free limit and then be in trouble with something organization X will ultimately learn to rely on... or the sysadmins will, anyway.
I have checked out Zenoss and Cacti. I'm not saying that they are quite the same, but they were still worth checking out. I'll have to do a few tests on things and see how well they work.


donmontalvo
  • Hall of Fame
  • March 18, 2013

It would be great for the JAMF appliance (JDS) to include Syslog. ;)

Don


donmontalvo
  • Hall of Fame
  • March 25, 2013

  • Contributor
  • March 5, 2015

Hey all,

How did you configure your syslog.conf on the Mac to forward on /var/log/jamf.log to your syslog server?

I am not running the Splunk Universal Forwarder on the clients and only forwarding our logs from syslog.MyWork.edu.


  • Contributor
  • December 21, 2016

Ditto on winningham.2's request.

Also, how do we format the syslog so that we can get what we need in one message? Every syslog entry is split into 5 or 6 separate messages on my Graylog instance.
I'm admittedly very new to syslogging, but having this happen doesn't sound like it's working correctly, and it makes it impossible to extract details from it.


donmontalvo
  • Hall of Fame
  • February 28, 2017

We're hooked up to Splunk, we can see JSSChangeManagement.log entries, like changes to the JSS framework.

We don't have Event Logs piping out to anything yet, that is as important to us too.

Anyone using Syslog for event logs?