I have to set up some open source log monitoring on a centralized syslog server. A lot of machines (Windows, Linux) and some routers and switches send their logs there.

Many years ago, when I had to do a similar setup, I used logcheck, which is the improved version of logsentry, but I'm sure there are many free alternatives for this out there.

I do not need fancy stuff like storing events in a database or displaying them on some web frontend. All I need is an easy-to-configure solution which regularly goes through all the machines' logs, finds suspicious events in them and sends me an email about them. I need a tool which can be easily configured to ignore all the "noise". I don't want to receive hundreds of emails from this every day.

What I found so far:

logcheck, logtail, logsentry, Swatch, SEC, OSSEC

Thanks

IvanJosef

possible duplicate of [Alternatives to Splunk?](http://serverfault.com/questions/62687/alternatives-to-splunk) – Feb 26 '14 at 08:53
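The workflow the question asks for (walk the collected syslog lines, drop known noise with ignore patterns, flag suspicious events, and send one aggregated email instead of hundreds) is what logcheck does with its pattern files. The script below is an added example of that approach written here for illustration; it is not logcheck's code and not part of the original post. The hostnames, log lines, ignore/alert patterns and mail addresses are all constructed for the demo, and the SMTP delivery line is left as a comment so the script runs offline.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Constructed sample syslog lines from an imaginary Linux host, a switch and a
# Windows DC, as they might look after arriving at a central syslog server.
SAMPLE_LOG = """\
Feb 26 08:40:01 web01 CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)
Feb 26 08:40:12 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Feb 26 08:40:15 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Feb 26 08:41:02 core-sw1 %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.10)
Feb 26 08:41:30 web01 sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx
Feb 26 08:42:00 dc01 Microsoft-Windows-Security-Auditing: 4625: An account failed to log on. Account Name: bob
Feb 26 08:42:05 web01 systemd[1]: Started Daily apt download activities.
Feb 26 08:43:10 web01 kernel: eth0: link down
"""

# Known noise: lines matching these are silently dropped (logcheck's "ignore" files).
IGNORE_PATTERNS = [
    re.compile(r"CRON\[\d+\]: \(root\) CMD \(run-parts /etc/cron\.\w+\)"),
    re.compile(r"systemd\[\d+\]: Started Daily apt download activities\."),
]

# Events that always warrant a report (logcheck's "violations" files).
ALERT_PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed password for"),       # SSH brute-force attempts
    re.compile(r"Security-Auditing: 4625:"),               # Windows failed logon
    re.compile(r"sudo: .*COMMAND="),                       # privilege use on Linux
    re.compile(r"%SYS-5-CONFIG_I"),                        # switch config change
]

# Classic BSD syslog header: "Mon DD HH:MM:SS host message"
SYSLOG_HEADER = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")


def normalise(msg: str) -> str:
    """Mask PIDs and source ports so repeated events collapse into one counted line."""
    msg = re.sub(r"\[\d+\]", "[PID]", msg)
    msg = re.sub(r"port \d+", "port N", msg)
    return msg


def triage(text: str):
    """Return (alerts, unclassified): Counters keyed by (host, normalised message).

    Lines matching an ignore pattern are dropped; the rest are reported, with
    alert-pattern matches listed separately so they are seen first. Anything
    unclassified is a candidate for a new ignore or alert pattern.
    """
    alerts, unclassified = Counter(), Counter()
    for line in text.splitlines():
        m = SYSLOG_HEADER.match(line)
        if not m:
            continue  # not a syslog line we understand; skip rather than crash
        host, msg = m.group("host"), m.group("msg")
        if any(p.search(msg) for p in IGNORE_PATTERNS):
            continue
        key = (host, normalise(msg))
        if any(p.search(msg) for p in ALERT_PATTERNS):
            alerts[key] += 1
        else:
            unclassified[key] += 1
    return alerts, unclassified


def should_send(alerts: Counter, unclassified: Counter) -> bool:
    """Suppress the email entirely when there is nothing to report."""
    return bool(alerts) or bool(unclassified)


def build_report(alerts: Counter, unclassified: Counter,
                 sender="logcheck@example.com", recipient="admin@example.com") -> EmailMessage:
    """Render one aggregated email (constructed addresses) with repeat counts per event."""
    lines = ["Security events (matched alert patterns):"]
    for (host, msg), n in alerts.most_common():
        lines.append(f"  {n:>4}x {host}: {msg}")
    lines.append("")
    lines.append("Unclassified events (not ignored, not yet matched by an alert pattern):")
    for (host, msg), n in unclassified.most_common():
        lines.append(f"  {n:>4}x {host}: {msg}")

    mail = EmailMessage()
    mail["From"], mail["To"] = sender, recipient
    mail["Subject"] = (f"Log report: {sum(alerts.values())} alert event(s), "
                       f"{sum(unclassified.values())} unclassified")
    mail.set_content("\n".join(lines) + "\n")
    return mail


if __name__ == "__main__":
    a, u = triage(SAMPLE_LOG)
    if should_send(a, u):
        report = build_report(a, u)
        print(report)  # to deliver for real: smtplib.SMTP("localhost").send_message(report)
```

In practice the script would be run from cron against the logs appended since the previous run (logcheck uses logtail for that offset tracking), and the "unclassified" section is where you tune the patterns: each line there either becomes a new ignore pattern or a new alert pattern, so the daily email shrinks to what actually matters.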

1 Answer

  • Logstash -> Kibana
  • Logstash -> Graylog2
  • Logstash -> just about anything else

http://edgeofsanity.net/article/2012/06/17/central-logging-with-open-source-software.html

You may want to move this post to https://softwarerecs.stackexchange.com/

ETL