Posted on 03-06-2013 12:46 AM
Anyone here using a Syslog server? Thoughts? Complaints?
(I've been tasked with investigating the implementation of one. We're looking at Splunk right now as an org-wide solution.)
Posted on 03-06-2013 04:23 AM
I implemented a syslog server last year. So far it's been great. We were looking at Splunk before, but I went with an open source solution, called Graylog2. They just released a new version recently, but I have yet to check it out. It took a while to get this working, but once I did it has been nothing but great. It's probably the best open source syslog solution out there, in my opinion. www.graylog2.org
Posted on 03-06-2013 05:01 AM
Glad to know it's possible! I need to find out more about Splunk as it's the solution "upstairs" is leaning to.
Posted on 03-06-2013 05:19 AM
We use a syslog server though I don't know what it is. Our Risk folks wanted Casper plugged into it so they could see when a decryption key was recovered and follow up with the person who did it. Works a treat.
Posted on 03-06-2013 08:52 AM
Look at:
http://logstash.net for log collection
and
http://kibana.org for a web UI
It's better than Splunk and open source.
A demo: http://demo.logstash.net
Posted on 03-06-2013 09:06 PM
I'm looking at Kibana right now. It looks pretty good. I may be switching to this. Thanks for sharing.
Posted on 03-07-2013 01:06 AM
Great responses everyone! Too bad it's not my decision which product will eventually be used :( I just have to "make it work (tm)".
Posted on 03-11-2013 06:53 AM
LogZilla is an alternative to Splunk. There is a free version for small networks, and other versions run about 3% of the cost of Splunk.
Posted on 03-18-2013 12:55 PM
Thanks for the ideas everyone. I have checked out Splunk in the past as well. Just don't want to have it reach the free limit and then be in trouble with something organization X will ultimately learn to rely on...or sysadmins anyway.
I have checked out Zenoss and Cacti - not saying that they are quite the same, but they were still worth checking out. I'll have to do a few tests on things and see how well they work.
Posted on 03-18-2013 03:50 PM
It would be great for the JAMF appliance (JDS) to include Syslog. ;)
Don
Posted on 03-25-2013 01:35 PM
FYI...please vote up:
https://jamfnation.jamfsoftware.com/featureRequest.html?id=1121
Posted on 03-05-2015 08:47 AM
Hey all,
How did you configure your syslog.conf on the Mac to forward on /var/log/jamf.log to your syslog server?
I am not running the Splunk Universal Forwarder on the clients and only forwarding our logs from syslog.MyWork.edu.
Posted on 12-21-2016 02:14 PM
Ditto on winningham.2's request.
Also, how do we format the syslog so that we can get what we need in one message?
Every syslog is split into 5 or 6 separate messages on my Graylog instance.
I'm admittedly very new to syslogging, but having this happen doesn't sound like it's working correctly and is impossible to extract details from it.
Posted on 02-28-2017 09:19 AM
We're hooked up to Splunk, and we can see JSSChangeManagement.log entries, like changes to the JSS framework.
We don't have Event Logs piping out to anything yet; that is as important to us too.
Anyone using Syslog for event logs?