Log Monitoring

SEC – Simple Event Correlator

SEC is a tool for accomplishing event correlation tasks in the domains of log analysis, system monitoring, network and security management, etc. Event correlation is a procedure where a stream of events is processed, in order to detect (and act on) certain event groups that occur within predefined time windows. Unlike most other event correlation products which are heavyweight solutions, SEC is a lightweight and platform-independent event correlator which runs as a single process.

SEC reads lines from files, named pipes, or standard input, matches the lines with patterns (like regular expressions or Perl subroutines) for recognizing input events, and correlates events according to the rules in its configuration file(s). SEC can produce output by executing external programs (e.g., snmptrap or mail), by writing to files, by calling precompiled Perl subroutines, etc.

Posted by mutex - July 4, 2012 at 6:03 pm

Categories: Log Analyzers, Log Monitoring, Log Processing, Tools

LogSurf

Logsurfer is a program for monitoring system logs in real-time, and reporting on the occurrence of events. It is similar to the well-known swatch program on which it is based, but offers a number of advanced features which swatch does not support.

Logsurfer is capable of grouping related log entries together – for instance, when a system boots it usually creates a high number of log messages. In this case, logsurfer can be set up to group boot-time messages together and forward them in a single email message to the system administrator under the subject line “Host xxx has just booted”. Swatch just couldn’t do this properly.

Logsurfer is written in C – this makes it extremely efficient, an important factor when sites generate a high amount of log traffic. I have used logsurfer at a site where a logging server was recording more than 500,000 events per day – and Logsurfer had no trouble keeping up with this load. Swatch, on the other hand, is based on perl and runs into trouble even when dealing with a much smaller rate of log traffic.

Posted by mutex - at 6:02 pm

Categories: Log Analyzers, Log Monitoring, Log Processing, Tools

Lire

Lire is an open source application for monitoring the logs of numerous applications. Lire can output reports in multiple formats.

Posted by mutex - at 5:46 pm

Categories: Log Analyzers, Log Monitoring, Log Processing, Tools

Swatch

Swatch is a perl tool for monitoring log files.

Posted by mutex - at 5:40 pm

Categories: Log Analyzers, Log Monitoring, Log Processing, Tools

Logcheck

Logcheck is an open source software package that is designed to automatically run and check system log files for security violations and unusual activity. Logcheck utilizes a program called logtail that remembers the last position it read from in a log file.

Posted by mutex - at 5:37 pm

Categories: Log Analyzers, Log Monitoring, Log Processing, Tools

Logwatch

Logwatch is a customizable, open-source log analysis system. Logwatch parses through your system’s logs and creates a report analyzing areas that you specify. Logwatch is easy to use and will work right out of the package on most systems.

Logwatch is available here.

Posted by mutex - June 2, 2012 at 11:53 pm

Categories: Log Analyzers, Log Monitoring, Log Processing, Tools

Splunk

Splunk is an IT management application that will pull in and process many kinds of data, including log data, and allows correlation, alerting and event triggering.

Splunk can be found here.

Posted by mutex - at 12:12 am

Categories: Log Monitoring, Log Processing, Tools

Loggly

Loggly is a cloud-based log monitoring and analysis service.

You can find Loggly here.

Posted by mutex - June 1, 2012 at 11:21 pm

Categories: Log Management Service, Log Monitoring, Tools

Graylog 2

Graylog 2 is an open source log management and monitoring application. Logs are stored in a database and can be queried from a web interface.

More info on Graylog 2 is available here.

Posted by mutex - at 5:46 pm

Categories: Log Monitoring, Syslog Servers, Tools
