I'm looking for some program or utility to create a centralized log monitoring server for a mixed Windows and Linux environment. Any suggestions? Essentially we want a place to look at the system and event logs for over 100 servers. Free is always better.
splunk
http://www.splunk.com
I think your overall best option is probably to go with Splunk since you're in a mixed environment. Depends on how much you want to log and if you can afford to pay. If you're selective about what you want to log you might just be able to get away with it for free.
OSSEC
http://www.ossec.net
While not EXACTLY what you're looking for, OSSEC will aggregate all of your logs to a single server with a fairly small amount of configuration. OSSEC can also integrate with Splunk which makes it even more interesting. Here's a snippet from their home page:
Roll your own
This appears to be an older post but it might help anyway:
http://www.johnhsawyer.com/2006/03/centralized-logging-for-windows-using.html
You can also take a look at a previous question I answered here regarding sending log files securely to syslog-ng (at least for the Linux side, anyway):
How would you send syslog *securely* over the public Internet?
Hope this helps.
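For the roll-your-own route above, this is an added illustration (not code from the original answers or from any of the products named) of the core of a central collector: parse RFC 3164 syslog lines as rsyslog, syslog-ng or a Windows syslog agent would send them, file them per host and facility, and flag anything at or above a chosen severity. All hostnames, messages and the base directory are constructed; note that the host field arrives unauthenticated, so it is validated before it is used as a path component.

```python
import re
from pathlib import Path

# RFC 3164 line: "<PRI>Mmm dd hh:mm:ss host tag[pid]: message"
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SAFE_HOST = re.compile(r"^[A-Za-z0-9._-]{1,253}$")  # accepted as a directory name

def parse_syslog(line):
    """Decode one RFC 3164 line into fields; return None for anything malformed."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                       # facility 0..23, severity 0..7
        return None
    rec = m.groupdict()
    rec["facility"] = FACILITIES[pri >> 3]
    rec["severity"] = SEVERITIES[pri & 7]
    return rec

def collect(lines, base_dir, alert_at="err"):
    """Append each record to base_dir/<host>/<facility>.log and return
    (written, dropped, alerts); a record is an alert when its severity is
    at or above alert_at (lower index in SEVERITIES = more severe)."""
    written, dropped, alerts = 0, 0, []
    for line in lines:
        rec = parse_syslog(line)
        # The host field is attacker-controlled on plain UDP syslog: refuse
        # anything that could escape base_dir (slashes, "..", odd characters).
        if rec is None or not SAFE_HOST.match(rec["host"]) or ".." in rec["host"]:
            dropped += 1
            continue
        out = Path(base_dir) / rec["host"].lower() / f"{rec['facility']}.log"
        out.parent.mkdir(parents=True, exist_ok=True)
        with out.open("a", encoding="utf-8") as f:
            f.write(f"{rec['ts']} {rec['severity']} {rec['tag']}: {rec['msg']}\n")
        written += 1
        if SEVERITIES.index(rec["severity"]) <= SEVERITIES.index(alert_at):
            alerts.append(rec)
    return written, dropped, alerts

# Constructed sample traffic: a Linux sshd line, a Windows host relayed by a
# syslog agent on local0, an out-of-range PRI, and a hostname built to traverse.
SAMPLE = [
    "<38>Mar  9 10:15:01 web01 sshd[2211]: Failed password for root from 203.0.113.5 port 4411 ssh2",
    "<131>Mar  9 10:15:02 WINAD01 Security: 4625 An account failed to log on",
    "<999>Mar  9 10:15:03 web02 cron[10]: bad pri",
    "<13>Mar  9 10:15:04 ../../etc passwd: escape attempt",
]

if __name__ == "__main__":
    print(collect(SAMPLE, "/tmp/central-logs"))
```

In practice the lines would come from a UDP/TCP listener or, better, a TLS-wrapped syslog feed as the linked question discusses; the parser and routing stay the same.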
If you're stupidly wealthy, Splunk is pretty deadly. If you're not, it may be worth looking at some combination of syslog (-ng or rsyslog), OSSEC HIDS, and Octopussy.
Since writing this, several interesting options have shown up for this. Logstash, Graylog2, and ELSA all seem to replicate most of the features of Splunk, and are free/OSS.
Really though, you probably want Splunk.
I'd recommend EventSentry since I work at the company that makes it. I don't want to turn this into an advertisement so I'll leave it at that.
Splunk!!!! Splunk!!! Splunk!!!! I use it for a mix of networking devices, Linux, Solaris, and Windows. The only issue is that to stay under the free level, you need to be very specific about what logs you want to keep, but I found that as long as I was diligent in cutting down on chatter, and really only logging the info I needed, I had no problem.
http://www.splunk.com/