Fedora out of the box gives you a solid syslog server, but not all that much in terms of analysis or reporting. Fedora has Logwatch, but I don't think Logwatch knows anything about analyzing ESX syslog out of the box. In the little bit that I've looked at rolling your own Logwatch stuff, it didn't seem to be all that easy. Of course, if you just want to collect the data and use grep when you need to, you may get everything you want out of Fedora for a very low cost.
If you're a Windows shop, you might want to take a look at Kiwi Syslog. http://www.kiwisyslog.com/kiwi-syslog-daemon-overview/
In addition to just logging stuff, it has some fairly neat tools to post process the data.
Hello,
My book goes into detail on how to configure logwatch, there is not that much that is needed and it works quite well. You will have to monitor other logfiles than the default and ignore quite a few things, but it is pretty straightforward to setup.
Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization
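The "collect it and grep it" approach in the first reply and the custom Logwatch service in the second come down to the same thing: parse the relayed syslog lines, throw away known noise, and report what is left. Logwatch itself is Perl driven by its own conf files, so the script below is an added, stand-alone Python example (not from this thread, Logwatch or VMware) that mirrors what such a service would do. The hostnames, addresses and log lines are constructed for illustration, and the ignore patterns are assumptions about what a given shop would consider noise.

```python
"""Logwatch-style summary of ESX host syslog collected on a Fedora box.

Added example, not from the thread, Logwatch or VMware: parse BSD-syslog
lines relayed from ESX hosts, drop known noise, and report what is left.
The sample log lines, hostnames and addresses are constructed.
"""
import re
from collections import Counter, defaultdict

# "Mon DD HH:MM:SS host program[pid]: message" (BSD syslog as relayed to a
# central syslogd; the pid part is optional).
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

# Noise dropped before reporting (the "ignore quite a few things" part);
# matched against the raw line. These patterns are assumptions for this example.
IGNORE_PATTERNS = [
    re.compile(r" -- MARK --$"),                                 # syslogd keep-alive marks
    re.compile(r"sshd\[\d+\]: Accepted publickey for vpxuser "),  # management agent logins
    re.compile(r"vmkernel: .*heartbeat"),                        # routine kernel chatter
]

FAILED_LOGIN_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def is_noise(line):
    return any(p.search(line) for p in IGNORE_PATTERNS)


def parse_line(line):
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def summarize(lines):
    """Return (events per (host, program), failed logins per source, unparsed lines)."""
    by_host_prog = Counter()
    failed = defaultdict(Counter)  # source address -> Counter of usernames tried
    unparsed = []
    for raw in lines:
        line = raw.rstrip("\n")
        if not line or is_noise(line):
            continue
        ev = parse_line(line)
        if ev is None:
            unparsed.append(line)  # keep count: garbage in the feed is itself a finding
            continue
        by_host_prog[(ev["host"], ev["prog"])] += 1
        m = FAILED_LOGIN_RE.search(ev["msg"])
        if m:
            failed[m["src"]][m["user"]] += 1
    return by_host_prog, failed, unparsed


def render_report(lines):
    """Plain-text report in the spirit of a Logwatch section."""
    by_host_prog, failed, unparsed = summarize(lines)
    out = ["--- ESX syslog summary ---"]
    for (host, prog), n in sorted(by_host_prog.items()):
        out.append(f"{host:10} {prog:12} {n:5d} events")
    if failed:
        out.append("Failed logins by source address:")
        for src, users in sorted(failed.items()):
            tried = ", ".join(f"{u} ({c})" for u, c in sorted(users.items()))
            out.append(f"  {src:16} {sum(users.values()):3d}  users: {tried}")
    if unparsed:
        out.append(f"Unparsed lines: {len(unparsed)}")
    return "\n".join(out)


# Constructed sample input: two ESX hosts relaying to the Fedora syslogd.
SAMPLE_LINES = """\
Mar 10 14:22:01 esx01 sshd[4211]: Failed password for root from 10.1.2.3 port 50022 ssh2
Mar 10 14:22:04 esx01 sshd[4211]: Failed password for root from 10.1.2.3 port 50023 ssh2
Mar 10 14:22:09 esx01 sshd[4215]: Failed password for invalid user admin from 10.1.2.3 port 50030 ssh2
Mar 10 14:22:30 esx01 sshd[4219]: Accepted publickey for vpxuser from 10.1.0.10 port 41022 ssh2
Mar 10 14:23:00 esx02 vmkernel: 0:01:02:03.456 cpu2:1034)VMNIX: VmkDev: 2161: heartbeat
Mar 10 14:25:17 esx02 sshd[5102]: Failed password for root from 192.168.50.9 port 33012 ssh2
Mar 10 14:40:00 esx02 -- MARK --
garbage that is not a syslog line
""".splitlines()

if __name__ == "__main__":
    print(render_report(SAMPLE_LINES))
```

Feed it the file your syslogd writes the ESX hosts into (for example `python esxsummary.py < /var/log/esx.log`, with the name of the log file being whatever your syslog.conf sends those hosts to). The ignore list is where the real work lives, exactly as the post above says: start with nothing ignored, look at what dominates the report, and add patterns for the chatter, never for anything authentication related.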
Splunk all the way.
Check out this easy how-to: http://www.splunk.com/base/Community:VMwareESXSyslog
And Splunk is free if you index less than 500MB/day. Check it out! It rocks!
I will second Splunk. It can collect syslog data just fine like other sysloggers, but its ability to index logs for easy searching and linking up with other distributed Splunk servers is tops.
Beware of he who would deny you access to information, for in his heart, he dreams himself your master.
P.S.: If you think that the answer is helpful please consider rewarding points.
Hello,
Besides Splunk there is also Snare.
Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast
I hope VIMA will be more advanced in syslogging in the future. I did a feature request, which in short should make all logs easily searchable on vima, color coded etc. I don't know what the status is unfortunately.
Duncan
VMware Communities User Moderator
-
If you find this information useful, please award points for "correct" or "helpful".
Unfortunately Snare needs agents and adapters. It won't work with any data.
Splunk, on the other hand, doesn't normalize the data; it doesn't have a database with a schema to try and jam data into. It indexes anything and everything without knowing the data format ahead of time. Even if the format changes over time it will keep indexing. The beauty of it is that you can then apply "search time" extractions if needed to create dynamic key/value pairs.
Even indexing Windows event logs is much more straightforward. You can index local event logs or use WMI to retrieve them. Even use WMI to get to all perfmon data.
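The point made above, that indexing without a schema is what lets mixed or changing formats keep flowing in while the field extraction happens only at search time, is easier to see in a toy version. The block below is an added Python example, not Splunk's code and not from this thread: raw lines are indexed verbatim by token, and a regex chosen at query time pulls out key/value pairs. The sample lines (an ESX sshd message and a Windows event log export) plus the hostnames and addresses are constructed, and the two extraction patterns are assumptions about those formats.

```python
"""Schema-free indexing with search-time field extraction.

Added example, not Splunk's code and not from the thread. Raw lines of any
format are stored unchanged and indexed by token; fields are extracted only
when a search runs, by whichever pattern fits the line. Sample lines,
hostnames and addresses are constructed for illustration.
"""
import re
from collections import defaultdict

TOKEN_RE = re.compile(r"[A-Za-z0-9_.-]+")


class RawIndex:
    def __init__(self):
        self.events = []                    # raw lines, stored unchanged
        self.postings = defaultdict(set)    # lowercased token -> event ids

    def add(self, line):
        """Index one line of any format; no parsing, just tokens."""
        eid = len(self.events)
        self.events.append(line)
        for tok in TOKEN_RE.findall(line):
            self.postings[tok.lower()].add(eid)
        return eid

    def search(self, *terms):
        """AND search over tokens; returns matching raw lines in arrival order."""
        ids = None
        for term in terms:
            hits = self.postings.get(term.lower(), set())
            ids = hits if ids is None else ids & hits
        return [self.events[i] for i in sorted(ids or ())]


def extract(lines, *patterns):
    """Search-time extraction: the first pattern (with named groups) that
    matches a line supplies its key/value pairs. Nothing about the format was
    declared at index time, so a new format only needs a new pattern here."""
    compiled = [re.compile(p) for p in patterns]
    rows = []
    for line in lines:
        fields = {}
        for rx in compiled:
            m = rx.search(line)
            if m:
                fields = m.groupdict()
                break
        rows.append(fields)
    return rows


# Extraction patterns applied at search time (assumed formats for this example).
ESX_SSHD_FIELDS = r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)"
WIN_LOGON_FIELDS = r"User Name:\s+(?P<user>\S+).*Source Network Address:\s+(?P<src>[\d.]+)"

# Constructed sample: ESX syslog and a Windows event log export, mixed together.
SAMPLE_LINES = [
    "Mar 10 14:22:01 esx01 sshd[4211]: Failed password for root from 10.1.2.3 port 50022 ssh2",
    "2009-03-10 14:22:07 WIN-DC01 Security 529 Failure Audit Logon Failure: User Name: admin Source Network Address: 10.1.2.3",
    "Mar 10 14:22:09 esx01 sshd[4215]: Failed password for invalid user admin from 10.1.2.3 port 50030 ssh2",
    "Mar 10 14:22:30 esx01 sshd[4219]: Accepted publickey for vpxuser from 10.1.0.10 port 41022 ssh2",
]


def build_index(lines=SAMPLE_LINES):
    idx = RawIndex()
    for line in lines:
        idx.add(line)
    return idx


def who_came_from(src, lines=SAMPLE_LINES):
    """Everything involving one source address, across both formats, with
    user/src fields extracted only now, at search time."""
    idx = build_index(lines)
    hits = idx.search(src)
    return extract(hits, ESX_SSHD_FIELDS, WIN_LOGON_FIELDS)


if __name__ == "__main__":
    for row in who_came_from("10.1.2.3"):
        print(row)
```

The search for one address returns the ESX failures and the Windows logon failure from the same source in one result set, which is the cross-system correlation the Splunk fans in this thread are after; if the ESX message format changed tomorrow, the old lines stay indexed and only the extraction pattern would need a second variant.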
Nworks can also work as a syslog collector. In combination with SCOM or HP Openview you get one solution for all your monitoring.
Have a look at rsyslog and phplogcon
Comparison of enterprise syslog servers
Any others on the market ?