Logcheck alternative for central syslog server

Question

I have to setup some open source log monitoring on a centralized syslog server. A lot of machines (windows, linux) and some routers and switches sending their logs there.

Many years ago when I had to do similar setup I used logcheck which is the improved version of logsentry but I'm sure there are many free alternatives for this out there.

I do not need fancy stuff like storing events in database or displaying them on some web frontend. All I need is an easy to configure solution which regularly goes through all the machines logs, find suspicious events in them and send me an email about them. I need a tool which can be easily configured to ignore all the "noise". I don't want to receive hundreds of emails from this every day.

What I found so far:

logcheck, logtail, logsentry, Swatch, SEC, OSSEC

Thanks

possible duplicate of [Alternatives to Splunk?](http://serverfault.com/questions/62687/alternatives-to-splunk) — , Feb 26 '14 at 08:53

score 1 · Answer 1 · edited Apr 13 '17 at 12:50

1

Logstash -> Kibana,
Logstash -> Greylog2
Logstash -> just about anything else

http://edgeofsanity.net/article/2012/06/17/central-logging-with-open-source-software.html

You may want to move this post to https://softwarerecs.stackexchange.com/

edited Apr 13 '17 at 12:50

Community

1

answered Feb 24 '14 at 20:53

ETL

6,443
1
26
47

came here to say Logstash. It can be a bear to get up and running, depending on size, but it works great. – Couradical Feb 24 '14 at 21:36

Logcheck alternative for central syslog server

1 Answers1