Hello Patrick,

> I'm going to set up a central syslog server for Linux and Windows machines,
> but what's the best program to examine these logs, and send out email alerts
> to users?

I am currently using two programs to monitor my logs:

swatch - http://swatch.sourceforge.net/, which I use for monitoring realtime events in my log files, like failed logins, administrator/root logins, etc.

logwatch - http://www.logwatch.org/, which I use for generating daily reports on the logged information.

Is this perfect? No, but a start.

Some of the other programs I have looked at but not really implemented are:

sec - http://simple-evcorr.sourceforge.net/, which does some event analysis.

tenshi - http://tenshi.gentoo.org, which is a Gentoo project for log parsing and notification.

There are some event analysis tools, but I have not even considered looking at them yet, like:

OSSIM - http://www.ossim.net
OpenSIMS - http://www.opensims.org

A good site is http://www.loganalysis.org

Sean

>
> It seems that there are not so many open source solutions.
>
> TIA
>
> --
> This is Unix-Land. In quiet nights, you can hear the Windows machines
> reboot.

--
Sean Higgins, [EMAIL PROTECTED]
http://www.systura.com - "Where information becomes knowledge."

--
gentoo-user@gentoo.org mailing list