Softpanorama
(slightly skeptical) Open Source Software Educational Society

Unix Log Analysis and Management Tools

Recommended Links

  • Syslog, HTTP log analyzers, logger utility
  • Log rotation, Log Analysers, Log Colorizing, Remote Syslog, Syslog Configuration Examples, Syslog Configuration Debugging
  • Logrep, devialog, Swatch, Kazimir, LooperNG, Logwatch
  • Splunk, Sawmill, Lire, Epylog, MultiTail, Net::Dev::Tools::Syslog
  • Logrotate, Perl-Logrotate, Log rotation in RHEL/CentOS, Humor, Etc

There are not that many Perl tools for log analysis (monitoring, colorizing, etc.) and management. Logwatch is probably the best-known Perl log analyzer. This type of tool is covered on the log monitoring page.

Perl-based log analyzers essentially represent a primitive monitoring system and are flexible enough to be used as monitoring sensors for all popular monitoring solutions. They are usually quite extensible and can be tuned to the task at hand, something that is much harder with analyzers written in other scripting languages, since system administrators usually know Perl and only rarely other scripting languages.

See Unix System Monitoring

One type of system you should probably avoid is the kind that merely exposes regular expressions via Perl, providing nothing beyond the ability to apply a regular expression to the stream of log records (log analyzers for dummies, or log stream grep tools). Such solutions hide Perl's strengths, downgrading it to a version of grep, and as such are not attractive to a competent system administrator. They bring very little to the table.



Old News ;-)

[Apr 20, 2009] Octopussy 0.9.9.2

Changes: Open Flash Chart has been integrated with Octopussy to produce better reports. The RRD Taxonomy bug has been fixed. Many minor bugfixes and improvements are included.

[Sep 12, 2008] Logrep

Logrep is a secure multi-platform tool for the collection, extraction, and presentation of information from various log files. It features HTML reports, multi-dimensional analysis, overview pages, SSH communication, and graphs, and supports 25 popular systems including Snort, Squid, Postfix, Apache, Sendmail, syslog, iptables/ipchains, xferlog, NT event logs, Firewall-1, wtmp, Oracle listener, and Pix.

[Jul 20, 2008] kazimir

Perl-based log analyzer with some interesting capabilities.
Kazimir is a log analyzer. It has a complete configuration file used to describe what kind of logs (or non-regression test) to be watched or spawned and the kind of regexp to be found in them. Interesting information found in logs may be associated with "events" in a boolean and chronological way. The occurrence of events may be associated with the execution of commands.

Release focus: Initial freshmeat announcement

[Dec 19, 2007] Octopussy

Octopussy is a solution to manage your logs (also frequently called a SIM/SEM/SIEM Solution). Basically, it stores your logs, produces reports, and raises alerts.

Release focus: Major bugfixes

Changes:
Reports in XML have been added. Logs Wizard allows you to check whether unknown logs match a Service that doesn't belong to the current Device. There is a global bugfix regarding special characters. There are bugfixes for Report Scheduler and octo_logrotate.

[Jul 5, 2007] devialog

About:
devialog is a behavior/anomaly/signature-based syslog intrusion detection system which can detect new, unknown attacks. It fits comfortably in a heterogeneous Unix/Linux/*BSD environment at the core of a central syslog server. devialog generates its own signatures and acts upon anomalies as configured by the system administrator. In addition, devialog can function as a traditional syslog parsing utility in which known signatures trigger actions.

Release focus: Minor bugfixes

Changes:
Bug fixes include better handling of lines with some special characters. A timing error was fixed within alert generation: sometimes alerts would be sent inadvertently based on the timing of a new log arriving as an alert was sent out in specific high-volume log situations. Altered signature generation creates more exact regular expressions.

[Oct 26, 2006] LMF

LMF (Log Monitoring Framework) is a flexible log monitoring framework that allows the user to match text from log files using Perl regular expressions and capturing parentheses. An optional external command will be executed when a user-specified number of matches is found within a user-specified period. In addition to the trigger, the rule can also have a message associated with it; when the rule is triggered, that message will be logged to the LMF log file. Each rule can also have a duration associated with it; after a rule has been triggered and the duration has expired, an optional external command will be run.
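The rule model sketched above (a Perl regex with capturing parentheses, a match count that must be reached within a time window, a message logged when the rule fires, and an action run at that point) is also what separates a real Perl log analyzer from the "log stream grep" tools criticized earlier on this page: the analyzer keeps state across records instead of matching each line in isolation. The script below is an added example written for this page; it is not LMF's code, and its rule layout, field names and sample log lines are all constructed for illustration. The year used to complete syslog timestamps and the threshold/window values are assumptions, and the action is a Perl sub that prints what it would do rather than an external command, so the script runs offline.

```perl
#!/usr/bin/perl
# Added example (not LMF's code): a minimal threshold rule engine in the
# style of the LMF description: regex with a capture group, N matches
# within a sliding window, a message on trigger, and an action on trigger.
use strict;
use warnings;
use Time::Local qw(timegm);

# Constructed sample syslog lines; the addresses are documentation ranges.
my @lines = (
    'Aug 12 10:00:01 host1 sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 4001 ssh2',
    'Aug 12 10:00:03 host1 sshd[2002]: Failed password for root from 203.0.113.7 port 4002 ssh2',
    'Aug 12 10:00:05 host1 sshd[2003]: Accepted publickey for ops from 198.51.100.5 port 5000 ssh2',
    'Aug 12 10:00:08 host1 sshd[2004]: Failed password for root from 203.0.113.7 port 4003 ssh2',
    'Aug 12 10:02:30 host1 sshd[2005]: Failed password for root from 198.51.100.5 port 5001 ssh2',
    'Aug 12 10:03:40 host1 sshd[2006]: Failed password for root from 203.0.113.7 port 4004 ssh2',
);

# One rule; capture group 1 is the key the count is kept per (source IP here).
# Field names, threshold and window are assumed values for this example.
my @rules = (
    {
        name      => 'ssh_auth_failures',
        regex     => qr/sshd\[\d+\]: Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port/,
        threshold => 3,     # matches needed ...
        window    => 60,    # ... within this many seconds
        message   => 'repeated SSH authentication failures from %s',
        # Stand-in for LMF's external command: just report what would happen.
        action    => sub { my ($key) = @_; print "ACTION: would notify on-call about $key\n" },
    },
);

my %months = (Jan=>0, Feb=>1, Mar=>2, Apr=>3, May=>4,  Jun=>5,
              Jul=>6, Aug=>7, Sep=>8, Oct=>9, Nov=>10, Dec=>11);

# Turn the syslog timestamp into epoch seconds. Syslog omits the year,
# so one is assumed here.
sub line_time {
    my ($line) = @_;
    my ($mon, $day, $h, $m, $s) = $line =~ /^(\w{3})\s+(\d{1,2}) (\d\d):(\d\d):(\d\d)/ or return;
    return timegm($s, $m, $h, $day, $months{$mon}, 2009);
}

my %seen;   # rule name -> key -> epoch times of matches still inside the window
my %fired;  # rule name -> key -> set once the rule has fired for that key

for my $line (@lines) {
    my $t = line_time($line);
    next unless defined $t;
    for my $rule (@rules) {
        my ($key) = $line =~ $rule->{regex} or next;
        my $hits = $seen{ $rule->{name} }{$key} ||= [];
        push @$hits, $t;
        # Forget matches older than the window so the count slides with time.
        @$hits = grep { $t - $_ <= $rule->{window} } @$hits;
        if (@$hits >= $rule->{threshold} && !$fired{ $rule->{name} }{$key}++) {
            # Stand-in for the LMF log file: print the rule's message.
            printf "%s: %s\n", $rule->{name}, sprintf($rule->{message}, $key);
            $rule->{action}->($key);
        }
    }
}
```

With the constructed input the rule fires once, on the third failure from 203.0.113.7 within a minute; the single failure from 198.51.100.5 and the later, isolated failure from 203.0.113.7 never reach the threshold inside the window. Keeping the count per captured key rather than per rule is what lets one rule cover many sources without a separate regex for each.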

Octopussy

Octopussy is a Perl/XML log analyzer, alerter, and reporter.


Copyright © 1996-2009 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. Submit comments This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License(OPL). Site uses AdSense so you need to be aware of Google privacy policy. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

Last modified: August 12, 2009