
Looking into a syslog-ng server


2 replies to this topic

#1 hispaladin

hispaladin

  • Members
  • 245 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Middle of a corn field
  • Local time:11:44 AM

Posted 28 July 2015 - 11:00 AM

OK so here is my situation first.  I have a network with 4 windows servers and 10 routers and I am looking into setting up a syslog server.  I have done some digging and what I have found is that syslog-ng is about the best option for the price (there is a free option).  From what I can find the open source version of syslog-ng is made for a Linux server and I have little to no experience with Linux on a desktop much less a server.  This is the only thing that I would be planning to do with the server, at least at this point.  I have found a few windows based syslog options but they are either not free or device restricted (only 5 devices on the free version).  I have the ability to spin up another VMware server to hold it or even have an older server that could be re-purposed to handle it.  So now that I have explained my situation let me ask my question.  First off, is this a crazy idea?  Should I be looking into another solution?  Secondly, what distro would be best for something like this?  Lastly, for this post anyway, am I about to jump into something way over my head  :killcomp: ?





#2 mremski

mremski

  • Members
  • 493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NH
  • Local time:12:44 PM

Posted 28 July 2015 - 12:27 PM

What information are you trying to collect?   Are you looking to have your windows machines and routers log over the network to a single location?  It's unclear that this is what you are wanting to do.  Any standard Linux distribution would work as the central location, the routers may already be capable of this (what kind, what are they based on would be good info), the Windows boxes would likely need some kind of "windows event log to industry standard syslog" shim (I'm guessing that's what syslog-ng is).  Of course it may also be trivial to write something that pulls out event log stuff, translates it to standard syslog format and then pushes a UDP packet to your central server.

 

Back to the "what are you trying to collect":  depending on what you want, you may be better off looking at SNMP tools.


FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer
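The "event log to syslog" shim mremski describes is small enough to sketch. The following is an added example, not code from this thread, from syslog-ng or from any Windows tool: it turns a constructed event-log record into an RFC 3164 BSD syslog line (PRI = facility*8 + severity, then timestamp, host, tag, message), flattens embedded newlines so one event cannot masquerade as several log lines on the collector, caps the packet at the 1024-byte limit RFC 3164 sets, and sends it over UDP. The mapping from Windows level names to syslog severities, the `local0` facility, the `WinEventLog` tag and the `127.0.0.1` collector address are all assumptions chosen for the example; the collector-side `parse_pri` is included so both ends of the exchange can be checked.

```python
import socket
from datetime import datetime

# Standard RFC 3164 facility and severity codes.
FACILITIES = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "syslog": 5,
              "local0": 16, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Assumed mapping from Windows event-log level names to syslog severities.
WINDOWS_LEVEL_TO_SEVERITY = {"Critical": "crit", "Error": "err",
                             "Warning": "warning", "Information": "info"}

MAX_PACKET = 1024  # RFC 3164 section 4.1: total packet length must be <= 1024 bytes


def calc_pri(facility: str, severity: str) -> int:
    """PRI value as defined by RFC 3164: facility * 8 + severity."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def format_syslog(facility: str, severity: str, when: datetime,
                  hostname: str, tag: str, message: str) -> bytes:
    """Build one BSD syslog line: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG."""
    # RFC 3164 timestamp pads a single-digit day with a space, not a zero.
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    # Collapse whitespace (including newlines) so a multi-line event message
    # cannot be read by the collector as several separate log lines.
    flat = " ".join(message.split())
    line = f"<{calc_pri(facility, severity)}>{stamp} {hostname} {tag}: {flat}"
    return line.encode("utf-8")[:MAX_PACKET]


def event_to_syslog(event: dict, hostname: str) -> bytes:
    """Translate a (constructed) event-log record into a syslog datagram."""
    severity = WINDOWS_LEVEL_TO_SEVERITY.get(event["Level"], "notice")
    # RFC 3164 TAGs are alphanumeric, so provider names with spaces go in
    # the message body instead of the tag.
    body = f"[{event['ProviderName']}:{event['Id']}] {event['Message']}"
    return format_syslog("local0", severity, event["TimeCreated"],
                         hostname, "WinEventLog", body)


def parse_pri(packet: bytes) -> tuple:
    """Collector side: recover (facility, severity) names from the PRI field."""
    text = packet.decode("utf-8", errors="replace")
    if not text.startswith("<") or ">" not in text[:6]:
        raise ValueError("missing PRI field")
    pri = int(text[1:text.index(">")])
    fac_by_code = {v: k for k, v in FACILITIES.items()}
    sev_by_code = {v: k for k, v in SEVERITIES.items()}
    return fac_by_code[pri // 8], sev_by_code[pri % 8]


def send_udp(payload: bytes, collector: str, port: int = 514) -> int:
    """Push one datagram to the central syslog server; returns bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(payload, (collector, port))


# Constructed sample event; field names mirror what an event-log export shows.
SAMPLE_EVENT = {
    "TimeCreated": datetime(2015, 7, 28, 11, 0, 0),
    "Level": "Error",
    "ProviderName": "Service Control Manager",
    "Id": 7034,
    "Message": "The Print Spooler service\nterminated unexpectedly.",
}

if __name__ == "__main__":
    datagram = event_to_syslog(SAMPLE_EVENT, "dc01")
    print(datagram.decode())
    print("parsed as", parse_pri(datagram))
    # 127.0.0.1 is a placeholder; point this at the real syslog-ng host.
    send_udp(datagram, "127.0.0.1")
```

Because the listener on the collector treats whatever arrives as trusted log data, the whitespace flattening and the length cap are the two checks worth keeping even in a throwaway shim; the rest is just string formatting.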


#3 hispaladin

hispaladin
  • Topic Starter

  • Members
  • 245 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Middle of a corn field
  • Local time:11:44 AM

Posted 28 July 2015 - 01:40 PM

Ah sorry, yes, event logs are what I am looking to collect.  I have SonicWall routers that have the option to point to a syslog server for event log dumps.  I know the routers have a *Edit* SMTP option but I worked with it for a while and couldn't get it to work right.  I haven't looked into SNMP options, honestly I didn't really know there were SNMP options.

 

Note:  I have one SonicWall TZ200 router and 9 SonicWall TZ100 routers, I am thinking that will make a big difference as some SonicWall routers have a lot more features than these do.


Edited by hispaladin, 28 July 2015 - 02:51 PM.




