Syslog

franton
Valued Contributor III

Anyone here using a Syslog server? Thoughts? Complaints?

(I've been tasked with investigating the implementation of one. We're looking at Splunk right now as an org-wide solution).


pchang
New Contributor

I implemented a syslog server last year. So far it's been great. We were looking at Splunk before, but I went with an open source solution, called Graylog2. They just released a new version recently, but I have yet to check it out. It took a while to get this working, but once I did it has been nothing but great. It's probably the best open source syslog solution out there, in my opinion. www.graylog2.org

franton
Valued Contributor III

Glad to know it's possible! I need to find out more about Splunk as it's the solution "upstairs" is leaning to.

jarednichols
Honored Contributor

We use a syslog server though I don't know what it is. Our Risk folks wanted Casper plugged into it so they could see when a decryption key was recovered and follow up with the person who did it. Works a treat.

rockpapergoat
Contributor III

Look at:

http://logstash.net for log collection
and
http://kibana.org for a web ui

It's better than Splunk and open source.

A demo: http://demo.logstash.net

pchang
New Contributor

I'm looking at Kibana right now. It looks pretty good. I may be switching to this. Thanks for sharing.

franton
Valued Contributor III

Great responses everyone! Too bad it's not my decision which product will eventually be used :( I just have to "make it work (tm)".

tomdamon
New Contributor

LogZilla is an alternative to Splunk. There is a free version for small networks, and other versions run about 3% of the cost of Splunk.

bbinder
New Contributor

Thanks for the ideas everyone. I have checked out Splunk in the past as well. Just don't want to have it reach the free limit and then be in trouble with something organization X will ultimately learn to rely on...or sysadmins anyway.
I have checked out Zenoss and Cacti. Not saying that they are quite the same, but they were still worth checking out. I'll have to do a few tests on things and see how well they work.

donmontalvo
Esteemed Contributor III

It would be great for the JAMF appliance (JDS) to include Syslog. ;)

Don

--
https://donmontalvo.com

donmontalvo
Esteemed Contributor III

FYI...please vote up:

https://jamfnation.jamfsoftware.com/featureRequest.html?id=1121

--
https://donmontalvo.com

winningham_2
Contributor

Hey all,

How did you configure your syslog.conf on the Mac to forward on /var/log/jamf.log to your syslog server?

I am not running the Splunk Universal Forwarder on the clients and only forwarding our logs from syslog.MyWork.edu.

BaddMann
Contributor

Ditto on winningham_2's request.

Also, how do we format the syslog so that we can get what we need in one message? Every syslog entry is split into 5 or 6 separate messages on my Graylog instance.
I'm admittedly very new to syslogging, but having this happen doesn't sound like it's working correctly, and it makes it impossible to extract details from it.
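The two questions above (forwarding /var/log/jamf.log from a Mac, and keeping each log entry in one syslog message) can be answered with a small forwarder rather than a syslog.conf rule. The jamf binary writes jamf.log directly to the file rather than through syslogd, so syslog.conf has nothing to match on; something has to tail the file and emit syslog messages itself. The script below is an added example written for this thread, not code from the original posts or from JAMF. It assumes (unverified against any particular jamf version) that every new entry in jamf.log begins with a line like `Mon Sep 30 09:12:01 <host> jamf[<pid>]: ...` and that any line not starting with such a timestamp is a continuation of the previous entry; continuation lines are folded into one RFC 3164 message, which is the fix if the Graylog splitting you see is one message per physical line of a multi-line entry. The collector name `syslog.MyWork.edu` comes from the post above; the sample log lines are constructed.

```python
"""
Forward /var/log/jamf.log to a remote syslog collector, one log entry per message.

Added example for the thread (not JAMF's own code). jamf.log is written directly
by the jamf binary, not via syslogd, so this script tails the file and emits
RFC 3164-style messages over UDP. Continuation lines are folded into the entry
they belong to so a multi-line entry does not reach the collector as several
separate messages.

Assumption (not verified against a specific jamf version): a new entry starts
with "Mon Sep 30 09:12:01 <host> jamf[<pid>]: ..."; anything that does not start
with such a timestamp continues the previous entry.
"""
import re
import socket
import sys
import time
from datetime import datetime

# Constructed sample input in the assumed jamf.log layout; the second entry
# spans three physical lines.
SAMPLE_LOG = """\
Mon Sep 30 09:12:01 lab-mac-01 jamf[4321]: Checking for policies triggered by "recurring check-in"...
Mon Sep 30 09:12:02 lab-mac-01 jamf[4321]: Executing Policy Encrypt Disk
Script result: FileVault is On.
Recovery key escrowed.
Mon Sep 30 09:12:05 lab-mac-01 jamf[4321]: Submitting log to https://jss.example.com/
"""

# "Mon Sep 30 09:12:01 " or "Mon Sep  5 09:12:01 " at the start of a line marks a new entry.
ENTRY_START = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]?\d \d{2}:\d{2}:\d{2} ")

MAX_MSG_BYTES = 1024  # RFC 3164 packet limit; longer entries are truncated


def group_entries(lines):
    """Fold continuation lines into the entry before them; returns one string per entry."""
    entries, current = [], None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue
        if ENTRY_START.match(line) or current is None:
            if current is not None:
                entries.append(current)
            current = line
        else:
            current += " | " + line.strip()  # keep the whole entry on one line
    if current is not None:
        entries.append(current)
    return entries


def syslog_message(entry, hostname, tag="jamf", facility=1, severity=6, now=None):
    """Build an RFC 3164 message: <PRI>TIMESTAMP HOSTNAME TAG: MSG, PRI = facility*8 + severity."""
    pri = facility * 8 + severity
    ts = now or datetime.now()
    stamp = f"{ts.strftime('%b')} {ts.day:2d} {ts.strftime('%H:%M:%S')}"  # day is space-padded
    msg = f"<{pri}>{stamp} {hostname} {tag}: {entry}"
    return msg.encode("utf-8")[:MAX_MSG_BYTES].decode("utf-8", "ignore")


def send_entries(entries, collector, port=514, hostname=None, sock=None):
    """Send each entry as one UDP datagram; returns the number of messages sent."""
    hostname = hostname or socket.gethostname().split(".")[0]
    sock = sock or socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sent = 0
    for entry in entries:
        sock.sendto(syslog_message(entry, hostname).encode("utf-8"), (collector, port))
        sent += 1
    return sent


def follow(path, poll_seconds=1.0):
    """Yield complete entries as they are appended (like tail -f; rotation is not handled)."""
    pending = []
    with open(path, "r", errors="replace") as fh:
        fh.seek(0, 2)  # start at the end: forward only new entries
        while True:
            line = fh.readline()
            if not line:
                # Flush once the writer goes quiet; an entry still being written
                # at that instant would be split, which is the trade-off here.
                if pending:
                    yield from group_entries(pending)
                    pending = []
                time.sleep(poll_seconds)
                continue
            if ENTRY_START.match(line) and pending:
                yield from group_entries(pending)
                pending = []
            pending.append(line)


if __name__ == "__main__":
    # usage: sudo python3 jamf_syslog_forward.py syslog.MyWork.edu [port]
    collector = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 514
    for entry in follow("/var/log/jamf.log"):
        send_entries([entry], collector, port)
```

Run it as a LaunchDaemon (it needs read access to /var/log/jamf.log). It sends plaintext UDP, which is what most collectors accept out of the box but gives no delivery guarantee and no confidentiality; if the log carries anything sensitive, such as the recovery-key events mentioned earlier in the thread, point it at a TCP/TLS listener (RFC 5425) or use the collector's own agent instead.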

donmontalvo
Esteemed Contributor III

We're hooked up to Splunk; we can see JSSChangeManagement.log entries, like changes to the JSS framework.

We don't have Event Logs piping out to anything yet, and that is just as important to us.

Anyone using Syslog for event logs?

--
https://donmontalvo.com