Actually, we use ManageEngine's Application Manager to monitor some client servers that host Oracle databases and some JBoss applications. Unfortunately, App Manager doesn't work as fast as I wish, so I have to look for software that can read the log files and send e-mail alerts if certain codes appear in the log.

It would be good if this tool could run on a centralized server (with Linux OS) and read the log files via SSH or something similar. Other options that need to be installed on every server may help me too.

Does anyone know of a tool that can do this?

Thanks

Juan

6 Answers

Tenshi might be what you are looking for. It can monitor logfiles and alert & report based on regular expressions within them. I use it on my syslog servers and it works a treat.

Splunk is an excellent web front end for viewing logs, and free if you are generating under 500 MB of logs per day.

paulos
You'll probably hear a lot of people mention Splunk for the job. I've used Splunk and it lives up to the hype; it is not cheap, however. Splunk uses its own query language to query the log sets and generate reports. As one example, I used Splunk to generate a report showing the top 15 domains people would go to in the Squid logs. I could also use it to query all of my servers to show all failed SSH login attempts on a nightly or hourly basis.

If you are looking for generalized systems and host monitoring, I would suggest having a look at Zabbix. It's more of a traditional monitoring program, but it does have the ability to read log files and syslog. It can then be configured to trigger when specific regex matches are found in the log stream. Zabbix is nowhere near as powerful as Splunk when it comes to generalized log file monitoring, but Zabbix is great at metric-based systems monitoring.

Red Tux
Another option is to build something yourself. Apparently, someone else here has worked on something similar (obviously, he is looking for timestamps, but I'm guessing it would be fairly trivial to modify it to look for a code): "Fast extraction of a time range from syslog logfile?" You could use smtplib to deal with the e-mail alert aspect, while the paramiko library would deal with the SSH component of the problem: http://www.lag.net/paramiko/ Finally, run it regularly via cron.

dtbnguyen
  • IMHO [logsurfer](http://www.crypt.gen.nz/logsurfer/) is a good building block to build your own lightweight solution. I often use it to simply sort logs into different buckets (using regex and contexts) and get a daily summary; -- but with some shell scripts behind it you can also implement different alarms. – mschuett Apr 26 '13 at 14:04
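The build-it-yourself approach from this answer, sketched as an added example (not the answerer's code): a stdlib-only watcher that scans a fetched log for Oracle/JBoss error codes, remembers its byte offset between cron runs so it does not re-alert on old lines and copes with log rotation, and mails the hits. The code patterns, host and path names, and the use of the `ssh` command in place of paramiko are assumptions for illustration.

```python
import re
import smtplib
import subprocess
from email.message import EmailMessage

# Assumed patterns for the servers in the question: Oracle ORA-nnnnn codes
# and JBoss ERROR/FATAL lines.  Extend this list with the codes you care about.
ALERT_PATTERNS = [re.compile(r"\bORA-\d{5}\b"), re.compile(r"\b(ERROR|FATAL)\b")]


def scan_log(data: bytes, offset: int = 0):
    """Scan complete lines after byte `offset`; return (matching lines, new offset).

    Persisting the returned offset between cron runs prevents re-alerting on
    lines already seen.  A file shorter than the offset means it was rotated or
    truncated, so scanning restarts from the beginning.  A trailing partial line
    (no newline yet) is left for the next run rather than matched half-written.
    """
    if offset > len(data):
        offset = 0
    chunk = data[offset:]
    end = chunk.rfind(b"\n") + 1          # 0 if there is no complete line yet
    hits = []
    for line in chunk[:end].splitlines():
        text = line.decode("utf-8", "replace")
        if any(p.search(text) for p in ALERT_PATTERNS):
            hits.append(text)
    return hits, offset + end


def fetch_remote(host: str, path: str) -> bytes:
    """Read a remote log over SSH (key-based auth assumed); paramiko/SFTP works equally."""
    return subprocess.run(["ssh", host, "cat", path], check=True,
                          capture_output=True).stdout


def build_alert(host: str, path: str, hits, sender: str, recipient: str) -> EmailMessage:
    """Build the alert mail listing every matching line from one monitored log."""
    msg = EmailMessage()
    msg["Subject"] = f"[log alert] {host}:{path} - {len(hits)} matching line(s)"
    msg["From"], msg["To"] = sender, recipient
    msg.set_content("\n".join(hits))
    return msg


def send_alert(msg: EmailMessage, smtp_host: str = "localhost") -> None:
    """Hand the alert to a mail relay (a local relay is assumed; add TLS/auth as needed)."""
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(msg)
```

From cron, call `fetch_remote` for each host/path, pass the bytes and the offset saved from the previous run to `scan_log`, store the returned offset, and send an alert only when the hit list is non-empty.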
You can also take a look at Octopussy (disclaimer: my project).

It's probably harder and takes longer to configure than other solutions at the beginning, but afterwards you can do a lot of things: search, report and alert...

And it's totally free!

sebthebert
Although there are actually many applications out there that can do this, it depends mainly on how much work you wish to do each time you want to monitor a new log on any server.

If you wish to monitor logs on several hosts, the easiest way to do that is with Nagios. Nagios has a tool called LOGROBOT which you can use. This tool is pretty straightforward. Say you have a log file or log files to monitor on hosts named x, y, z... fine. Just specify the host names and the absolute path of each log file. Then give it the strings you want to monitor. There's nothing for you to learn how to do. No mumbo-jumbo documentation for you to have to decipher.

See the Nagios Exchange:

http://exchange.nagios.org/directory/Plugins/Log-Files/check-all-log-files-linux-2Fsunos-solaris-2Fhpux-2Faix-2Funix/details

The configuration (enabling, disabling, adding of new log checks on new hosts), can all be done from one central server. The central server will be the server on which Nagios is installed. Whenever the strings you specify are found in the monitored logs, email alerts will be generated and sent to whoever you want them sent to. No false positives.

If you need scalability, then give LogZilla a try. It is highly scalable and costs about 3% of Splunk... there's also a free version if you have < 1M events/day. The latest version of LogZilla can handle over 1 billion events a day and only takes around 5 seconds to query that data.

You can download a VM for testing and be up and running in just a few minutes.

Disclosure: I am the founder and main author of LogZilla.

Clayton Dukes