League of Professional System Administrators - Log Data

logminion

doug — Thu, 26 Apr 2007 15:50:35 -0700

Short Description:
Log Minion is a perl script that helps get data into syslog from various sources

Home Page:
mysfitt.net/projects/logminion.php

Release Date:
Mon, 2004-04-26 15:00

Status:
Stable

Long Description:

Minon's job is to watch log files on the filesystem and send their contents to a syslog server [either local or remote] as they are updated. He's a helpful little bugger.
And since this is perl, I thought, "why not throw in some regex support?" So if you're so inclined, you can tell minion to only send lines that match a certain pattern of your choosing.

Features:

* runs on any Posix platform with Perl 5.005+ and File::Tail
* capable of tailing multiple files simultaneously using a threaded algorithm
* daemonizes itself on startup and can be run from a startup script
* full regular expression support for pre-filtering logs before sending them
* log levels, facility and application name are configurable

daemontools

doug — Sat, 21 Oct 2006 21:04:48 -0700

Short Description:
daemontools is a collection of tools for managing UNIX services

Home Page:
cr.yp.to/daemontools.html

Release Date:
Tue, 2000-11-07 21:00

Status:
Mature

Long Description:

daemontools is a collection of tools for managing UNIX services.

supervise monitors a service. It starts the service and restarts the service if it dies. Setting up a new service is easy: all supervise needs is a directory with a run script that runs the service.

multilog saves error messages to one or more logs. It optionally timestamps each line and, for each log, includes or excludes lines matching specified patterns. It automatically rotates logs to limit the amount of disk space used. If the disk fills up, it pauses and tries again, without losing any data.

A less encumbered version is available at http://smarden.org/runit/

Nagios

raymanfu — Thu, 05 Oct 2006 05:04:43 -0700

Short Description:
Free tool to monitor health of all network attached devices

Home Page:
www.nagios.org

Release Date:
Sun, 2000-12-31 14:00

Status:
Mature

Long Description:

Nagios is a host and service monitor designed to inform you of network problems before your clients, end-users or managers do. It has been designed to run under the Linux operating system, but works fine under most *NIX variants as well (We have run it on Solaris 2.8 and now Solaris 10). The monitoring daemon runs intermittent checks on hosts and services you specify using external "plugins" which return status information to Nagios. When problems are encountered, the daemon can send notifications out to administrative contacts in a variety of different ways (email, instant message, SMS, page etc.). Current status information, historical logs, and reports can all be accessed via a web browser. A wap interface is also available.

phpLogCon

doug — Sun, 27 Aug 2006 20:54:20 -0700

Short Description:
phpLogCon is a web interface to syslog and other network event data.

Home Page:
www.phplogcon.com

Release Date:
Wed, 2005-08-10 20:00

Status:
Active

Long Description:

phpLogCon is a web interface to syslog and other network event data. It provides easy browsing and some basic analysis of realtime network events. Depending on the applications feeding the database, it can process Windows event log entries and even SNMP trap data - just to name a few.

phpLogCon is part of Adiscon's MonitorWare line of monitoring applications. It runs both under Windows and Unix/Linux. The database can be populated by MonitorWare Agent, WinSyslog or EventReporter on the Windows side and by rsyslog on the Unix/Linux side. phpLogCon itself is free, GPLed software (as are some other memebers of the product line).

Log Analysis

doug — Tue, 25 Jul 2006 09:29:44 -0700

Short Description:
Web page referencing log analysis tools

Home Page:
loganalysis.org

Release Date:
Fri, 2003-07-25 21:00

Long Description:

"Log Analysis is one of the great overlooked aspects of operational computer security. Many organizations spend hundreds of thousands of dollars on intrusion detection systems (IDS) deployments - but still ignore their firewall logs. Why? Because the tools and knowledge to make use of that data are often not there, or the tools that exist are too inconvenient. You should expect that to change. Right now, IDS vendors are up against the wall with the volumes of data they produce; the next wave in security is to try to usefully correlate and process the contents of multiple logs."