Syslog parser wanted to replace Kiwi Syslog (win32)

Post by Jurgen.Turrek.. » Fri, 20 Jan 2006 23:08:10

Today, we are using Kiwi syslog 7 (paid version) to capture syslog
traffic from various hosts (F5 Load balancers, Cisco equipment etc ..).

These syslog messages are then put through some filters (Rules), based
on the IP address and port contained in the syslog message, and when a Rule
is encountered, actions are issued,
varying from sending SNMP traps to logging to a database (ODBC).

Unfortunately, the amount of monitored applications is growing
exponentially, and each copy of Kiwi syslog cannot hold more than 128
Rules, so we are forced to deploy more than one copy of the software (3
VMWare machines as we speak).

Is it possible (I would hope so) to put up a syslogd on a Linux
machine and parse the output so that I can do the above-mentioned with
one machine instead of 3-4 (and growing)?

I've got basic bash-scripting knowledge, but I'm not scared to dive
into the deep if only someone would point me to some how-to's, and
how would I go about sending the SNMP traps and logging to the database
(using ODBC)?

Many thanks!
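As an added example (not from the original post or any reply to it), here is the kind of rule engine the question asks for in Python: it parses BSD-style syslog lines as network gear emits them, pulls every IP/port pair out of the message text, matches them against a rule table, and dispatches to an action per rule. A SQLite table and an in-memory list stand in for the ODBC database and the SNMP trap sender (hypothetical stand-ins to be replaced with pyodbc / net-snmp calls), and the sample lines are constructed, not real captures.

```python
import re
import sqlite3
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional

# BSD/RFC 3164 style line; the <PRI> prefix is optional because syslogd strips
# it before writing to a file, so both network and file input parse.
LINE_RE = re.compile(r"^(?:<(?P<pri>\d{1,3})>)?(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) "
                     r"(?P<host>\S+) (?P<msg>.*)$")
# IPv4 address with an optional port written as 1.2.3.4:80, 1.2.3.4.80 or 1.2.3.4(80).
ADDR_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})(?:[:.(](\d{1,5})\)?)?")

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # key into the ACTIONS table below
    ip: Optional[str] = None    # None = any address
    port: Optional[int] = None  # None = any port

def parse(line: str) -> Optional[dict]:
    """Split one syslog line into fields; None for lines that are not syslog."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["pri"] = int(ev["pri"]) if ev["pri"] else None
    ev["endpoints"] = [(ip, int(p) if p else None) for ip, p in ADDR_RE.findall(ev["msg"])]
    return ev

def matches(rule: Rule, ev: dict) -> bool:
    """A rule fires when any endpoint in the message satisfies its ip/port constraints."""
    return any((rule.ip is None or ip == rule.ip) and (rule.port is None or port == rule.port)
               for ip, port in ev["endpoints"])

db = sqlite3.connect(":memory:")   # hypothetical stand-in for the ODBC target
db.execute("CREATE TABLE events (rule TEXT, host TEXT, ts TEXT, msg TEXT)")
traps: list = []                   # hypothetical stand-in for the SNMP trap sender
ACTIONS: Dict[str, Callable[[Rule, dict], None]] = {
    "db": lambda r, ev: db.execute("INSERT INTO events VALUES (?,?,?,?)",
                                   (r.name, ev["host"], ev["ts"], ev["msg"])),
    "trap": lambda r, ev: traps.append({"rule": r.name, "host": ev["host"], "msg": ev["msg"]}),
}

def process(lines: Iterable[str], rules: List[Rule]) -> List[str]:
    """Run every parsable line through every rule; return the names of rules that fired."""
    fired = []
    for line in lines:
        ev = parse(line)
        for rule in (rules if ev else []):
            if matches(rule, ev):
                ACTIONS[rule.action](rule, ev)
                fired.append(rule.name)
    return fired

SAMPLE = [  # constructed sample lines in F5 and Cisco styles
    "<134>Jan 20 23:08:10 lb01 tmm[123]: pool member 10.1.2.3:443 monitor status down",
    "Jan 20 23:08:11 sw01 %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.9(3389) -> 10.1.2.3(22)",
    "Jan 20 23:08:12 sw01 %SYS-5-CONFIG_I: Configured from console by admin",
    "this line does not look like syslog",
]
RULES = [Rule("lb-member-down", "trap", ip="10.1.2.3", port=443),
         Rule("ssh-denied", "db", port=22),
         Rule("any-10.1.2.3", "db", ip="10.1.2.3")]
```

In production the line source would be a file tailed from syslogd or a UDP/514 socket, and the rule table would be loaded from a config file instead of being hard-coded.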


1. Tuning syslog/Syslog reporting/Syslog enhancement/replacements


I have been investigating using syslog's logging facilities. I have
currently set up our network to log to a central logging host. In my
preliminary attempts, I have set up syslog to dump everything to a single file,
which gets messy. I've sorted out the files now, and I have noticed that
certain applications such as telnetd and ftpd write to the LOG_MAIL facility.
Is there a way to alter the logging facility that they report to, or will I have to have
modified binaries to handle this? I'm mostly concerned with our AIX machines,
but we also have HPUX, SunOS/Solaris, and OSF. I could very well have it dump
information and sort out the data based on rules I develop using
sed/awk/perl/grep (whatever), but it would be nicer if it were done by
syslog/programs writing to syslog.

Also, is anyone familiar with any other logging utilities? I would be grateful
for some help/advice or some pointers to where to find this information.

Thanks for your help.
