Does anybody know of a good tool to collect and analyse the application logs from a number of different Windows servers running on VMWare? All servers are on the same domain.

Ideally the tool would be free and open source.

Thanks

Mark Henderson

5 Answers

2

Splunk is the new hot player on the market. It's a sorta-free model. A single server is free, but if you want to correlate multiple servers' logs into a single server you need to pay.

Zenoss has a much less robust log aggregator, but it works, and you can do many other things with Zenoss as well. Zenoss operates under a sorta-free model as well, but there is no limit on the free version, only a few missing features.

FWIW, I would pay for Splunk. It's that good.

Joseph Kern
2

I use a combination of SyslogD, Snare and Splunk for my log analysis. Snare sits on the Windows server and pipes the event logs to my central syslogd logging server (which is also my Nagios server).

I then use Splunk to analyse them on the one server only, abiding by (in my eyes at least) the server license.

I have posted semi-instructions on how to do this on my blog at Central Syslog for Servers.

This also takes care of my PIXes and other equipment that can redirect their logging.

Dan
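As an added example (not code from Dan's post, nor from Snare or Splunk), here is a small Python parser for Snare-format Windows event log lines as they land on a central syslogd, plus a simple triage count of failed logons (event ID 4625) per host. The Snare field order is assumed from the agent's documented tab-delimited format, and the sample lines are constructed.

```python
import re
from collections import Counter

# Tab-delimited Snare "MSWinEventLog" payload fields, in the order assumed
# here from the Snare agent's documented format (check against your version).
SNARE_FIELDS = ["criticality", "log_name", "counter", "event_time", "event_id",
                "source", "user", "sid_type", "event_type", "computer",
                "category", "message", "expanded", "checksum"]

# BSD syslog header as written by syslogd: <PRI>Mon DD HH:MM:SS host MSWinEventLog<TAB>...
SYSLOG_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) "
                       r"(?P<host>\S+) MSWinEventLog\t(?P<payload>.*)$")

def parse_snare_line(line):
    """Parse one syslog line carrying a Snare event into a dict; return None
    for lines that are not Snare events (e.g. a PIX message on the same box)."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    parts = m.group("payload").split("\t")
    if len(parts) < len(SNARE_FIELDS):
        return None  # truncated line or an unknown Snare variant
    rec = {"host": m.group("host"), "ts": m.group("ts"),
           "facility": int(m.group("pri")) // 8}
    rec.update(zip(SNARE_FIELDS, parts))
    return rec

def failed_logons_per_host(lines, threshold=3):
    """Count Security-log 'Failure Audit' events with ID 4625 per host and
    return the hosts at or above the threshold, for triage."""
    counts = Counter()
    for line in lines:
        rec = parse_snare_line(line)
        if (rec and rec["log_name"] == "Security" and rec["event_id"] == "4625"
                and rec["event_type"] == "Failure Audit"):
            counts[rec["host"]] += 1
    return {host: n for host, n in counts.items() if n >= threshold}

# Constructed sample lines (not real captures): three failed logons on FS01,
# one on FS02, one successful logon, and one non-Snare PIX line.
def _snare(host, counter, eid, etype, msg):
    return ("<13>Dec 05 16:11:0%d %s MSWinEventLog\t1\tSecurity\t%d\tWed Dec 05 "
            "16:11:00 2012\t%d\tMicrosoft-Windows-Security-Auditing\tN/A\tN/A\t%s\t"
            "%s\tLogon\t%s\t\t0" % (counter, host, counter, eid, etype, host, msg))

SAMPLE_LINES = [
    _snare("FS01", 1, 4625, "Failure Audit", "An account failed to log on."),
    _snare("FS01", 2, 4625, "Failure Audit", "An account failed to log on."),
    _snare("FS02", 3, 4625, "Failure Audit", "An account failed to log on."),
    _snare("FS01", 4, 4625, "Failure Audit", "An account failed to log on."),
    _snare("FS01", 5, 4624, "Success Audit", "An account was successfully logged on."),
    "<166>Dec 05 16:11:06 pix01 %PIX-6-302013: Built outbound TCP connection",
]

if __name__ == "__main__":
    print(failed_logons_per_host(SAMPLE_LINES))  # {'FS01': 3}
```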
0

Here are some instructions on setting up snare and splunk: http://www.splunk.com/base/Documentation/2.1/Admin/Snare

Sam
0

Microsoft EventComb. Down and dirty, but it does a nice job.

mgorven
  • Whilst this may theoretically answer the question, [it would be preferable](http://meta.stackexchange.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – Scott Pack Dec 05 '12 at 16:11
0

We have NXLog Community Edition in my company (I work here), which can collect, parse, convert and send the Windows EventLog as well as other Windows log sources (Windows DNS, PowerShell, Windows Firewall, etc.). If you are working with a SIEM like Rapid7 or IBM QRadar, there is the option to use NXLog as the log source to send events to these SIEM suites. There are also integrations with Splunk, Snare, Graylog, the ELK stack, etc.

NASAhorse