swatch with syslog-ng

I have syslog-ng server ( linux)  and swatch (AIX) on another server. How can I view both of them together. I have cacti installed on syslog-ng server by which I can view syslog-ng messages. So any ideas...

If I can implement how can this be done..
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hugh FraserConsultantCommented:
I'm confused about what you're looking for. "suslog-ng" is a syslog server, swatch is a tool for realtime monitoring of event logs, and cacti is an SNMP poller. These are 3 different tools for different purposes. They can certainly be connected, but what exactly do you want the end result to be?
forget about swatch, let the aix syslog send its stuff to syslog-ng (you know how to do that?) and keep on using cacti.

jdenver247Author Commented:
I used Cacti syslog plugin to actually poll all the syslog messages and this is working fine. Now I see that syslog messages can also be sent to swatch and view. I have tried this
BUt was not quite useful...Any ideas
since I'm not familiar with swatch, I can't help you using it.
But, as we know, one can concentrate all syslog messages at one host (namely your syslog-ng server).
Why not let all the syslogs of your machines go to one file per host on syslog-ng and use swatch there to view those logfiles? (As I said, swatch is not my thing).
Hugh FraserConsultantCommented:
If all you want to do is concentrate your syslog events in one place, syslog on the AIX can be configured to forward messages to the linux box (make sure you configure the syslog-ng server to accept messages from a network connection, and open up the port in the linux firewall).

If you like the Cacti plugin for displaying alerts. If you're interested in some more sophisticated logfile analysis, have a look at Splunk.

If you want incorporate the output from swatch into your logfile views, feed the output to a file and feed that in to Cacti with the "logger" command, which sends alerts to syslog. Use one of the other syslog facilities to kieep the events separate.

I've used swatch many times, but sometimes I need more sophisticated event analysis involving correlation, such as alarming only if a particular alert happens more than 10 times in 60 seconds. For that I've used SEC (Simple Event Correlation), labelling the event source as "synthetic" and feed the results back into syslog via the logger command.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.