2

Possible Duplicate:
Alternatives to Splunk?

I need to deploy a centralized log management device or appliance. It should be able to handle at least 100 devices giving it input. I would also like the ability for it to send me alerts when certain things are caught.

I have looked at Splunk, and free Splunk doesn't alert you. Any other ideas? It can run on either Windows or Linux, it doesn't matter.

ChrisMuench
  • http://stackoverflow.com/questions/183977/what-commercial-and-open-source-competitors-are-there-to-splunk/ – warren Jul 21 '10 at 16:56

5 Answers

2

Although not strictly "log management", another possibility in managing large networks of devices is a monitoring system. In many cases it's useful to know not only if a device is reporting "error" or "ok" with a service, but also if that service (and the machine it's running on) is completely inaccessible. Systems like Nagios and Zenoss (http://www.zenoss.com/) (both have open source and enterprise editions) will alert you to problems and can also parse logs to report problems that way too.

supervacuo
    +1, What supervacuo is hinting at here is that logs are NOT the channel for monitoring i.e. alerting - they are diagnostic/auditing tools. – symcbean Jul 22 '10 at 12:28
  • Thanks for clarifying my spaghetti-verbiage! That's exactly what I'm trying to say — log parsing to get alerts is inserting an almost-always-unnecessary step in the process. – supervacuo Jul 22 '10 at 16:58
1

You could try the syslog-ng Store Box appliance.

http://www.balabit.com/network-security/syslog-ng/log-server-appliance/

You could also simply do this with syslog-ng of course, but the above is a turnkey appliance.

1

Give LogZilla a try (http://www.logzilla.pro); my company has been using it for a year now and I love it. It does have built-in alerting capability.

0

Try CorreLog. Here is the link for the 30 day evaluation version. http://www.correlog.com/purchase/free-trial-download-form.html

Security event correlation, consolidation of logs, any platform. Check them out.

0

I have liked using Epylog:

http://packages.debian.org/sid/epylog

You can write regexes to catch what you wish and then act on it. Just centrally syslog the data and run epylog on a schedule.
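The epylog approach above, regexes over centrally collected syslog with an action when they match, as an added example in Python. This is not epylog's own code and is not part of the original answer. It assumes BSD-style syslog lines as a central syslog server writes them, constructed sample input (the hosts, addresses and the whole rule set are hypothetical), and lines arriving in time order. The threshold and window fields add the one thing a bare regex cannot express, a burst of N matches from one source within a time window, so that a single failed login does not page anyone but five in a minute does.

```python
"""Regex-driven alerting over centrally collected syslog (added example)."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime
from typing import Deque, Dict, List, Optional, Tuple

# Constructed sample input, not from the original page: lines in the BSD syslog
# layout a central syslog server writes, "Mon DD HH:MM:SS host prog[pid]: msg".
# Hostnames are invented; addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jul 21 16:50:01 web01 sshd[2314]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jul 21 16:50:03 web01 sshd[2314]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jul 21 16:50:05 web01 sshd[2314]: Failed password for root from 203.0.113.5 port 51238 ssh2
Jul 21 16:50:09 web01 sshd[2314]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jul 21 16:50:12 web01 sshd[2314]: Failed password for root from 203.0.113.5 port 51242 ssh2
Jul 21 16:51:40 db01 sshd[988]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
Jul 21 16:52:10 db01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash
Jul 21 16:53:00 fw01 kernel: eth1: link is down
Jul 21 16:53:30 fw01 kernel: eth1: link is up
Jul 21 16:54:00 web02 sshd[7713]: Failed password for invalid user admin from 192.0.2.9 port 60001 ssh2
"""

# Header of a BSD-style syslog line. Note there is no year in this format.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[\d+\])?: "
    r"(?P<msg>.*)$"
)


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: re.Pattern  # searched against the message part only
    key: str             # capture group that groups events, or "host"
    threshold: int = 1   # events from one key needed before an alert ...
    window: int = 0      # ... within this many seconds (threshold 1 alerts per event)


@dataclass
class Alert:
    rule: str
    key: str
    count: int
    first_seen: datetime
    last_seen: datetime
    sample: str  # first line of the burst, for whoever gets paged


# Hypothetical rule set for illustration; tune names, thresholds and windows to your estate.
RULES = [
    Rule("ssh-bruteforce",
         re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"),
         key="src", threshold=5, window=60),
    Rule("sudo-root-shell",
         re.compile(r"USER=root ; COMMAND=(?P<cmd>/bin/(?:ba)?sh)\b"), key="host"),
    Rule("link-down", re.compile(r"(?P<iface>\S+): link is down"), key="host"),
]


def parse_line(line: str) -> Optional[dict]:
    """Split one syslog line into ts/host/prog/msg, or None if it is not syslog-shaped."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    # strptime fills in year 1900; only the differences between timestamps are used.
    ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")
    ev["msg"] = ev["msg"].strip()
    return ev


def scan(lines, rules=RULES) -> List[Alert]:
    """Run every rule over the lines (assumed in time order) and return the alerts raised."""
    alerts: List[Alert] = []
    bursts: Dict[Tuple[str, str], Deque[Tuple[datetime, str]]] = defaultdict(deque)
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue  # unparseable lines are skipped, never silently matched
        for rule in rules:
            m = rule.pattern.search(ev["msg"])
            if not m:
                continue
            key = ev["host"] if rule.key == "host" else m.group(rule.key)
            if rule.threshold <= 1:
                alerts.append(Alert(rule.name, key, 1, ev["ts"], ev["ts"], raw.rstrip()))
                continue
            q = bursts[(rule.name, key)]
            q.append((ev["ts"], raw.rstrip()))
            while (ev["ts"] - q[0][0]).total_seconds() > rule.window:
                q.popleft()  # slide the window forward past stale events
            if len(q) >= rule.threshold:
                alerts.append(Alert(rule.name, key, len(q), q[0][0], ev["ts"], q[0][1]))
                q.clear()  # one alert per burst rather than one per extra failure
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG.splitlines()):
        print(f"{a.rule:16} key={a.key:12} count={a.count} "
              f"{a.first_seen:%H:%M:%S}-{a.last_seen:%H:%M:%S}  {a.sample}")
```

Run it the way the answer describes, on a schedule against the file the central syslog writes, and replace the print in the main block with whatever paging or ticketing hook you use. Two caveats a practitioner will hit: the sliding window assumes the lines are in time order, which holds for one file but not for several per-host files concatenated together, and the BSD timestamp carries no year, so a window that straddles New Year's Eve will misbehave unless you switch the collector to RFC 5424 timestamps.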