
Syslog Reporter/Analyser

Hi, I'm running Kiwi Syslogd to capture syslog messages from a variety of sources, mostly routers, firewalls, and Windows servers (via SNARE).

I'm dumping everything to a MS SQL 2000 database.  I'm looking for something that will connect to that database and do some reporting/analysis/etc type work - the more the better.  It'd also be nice to be able to search free text without writing a SQL query.

Anyone know of any good tools?  I've tested dozens and can't quite find what I'm looking for.  Only catch here is that it'd have to run on Windows.
2 Solutions
Have you tried Tableau? Looks like a very capable SQL analysis tool.
btan (Exec Consultant) commented:
I do not see that you really need complex data mining services; if so, you can look at SQL Server Analysis Services @ http://msdn.microsoft.com/en-us/library/ms175609%28SQL.90%29.aspx.

Natively there is the SQL Query Analyzer, which I believe you already tried and which is probably not what you are looking for :)

(1) One good tool I will propose is Splunk; it has great doc support and its features would satisfy what you wanted. But it actually gets the logs directly and works on them, so to use it you will need to do it indirectly: a script to extract the logs from the existing SQL database, and Splunk to index them for further reporting/analysis. See support http://www.splunk.com/support/forum:SplunkApplications/2192
- see doc http://www.splunk.com/base/Documentation/2.1/User/BasicTutorial
- It probably satisfies the whole list of what you want.

(2) Probably you also want to take a look at Sphinx @ http://www.sphinxsearch.com/downloads.html
I see Sphinx as an option if your full-text search functionality isn't that complicated (Sphinx can't do partial matches or fuzzy search) or your indexed models don't change much. But note that it has free-text search and no other features. MS SQL is also supported @ http://www.sphinxsearch.com/docs/manual-0.9.9.html#conf-source-type

(3) But the hard part is doing analysis tasks where human intervention is typically needed. There is one Windows tool that will fit the bill: Log Parser, an MS tool (it uses SQL-style queries, but not against a SQL database; it targets XML, text files, etc.)
@ http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

You tell Log Parser what information you need and how you want it processed. The results of your query can be custom-formatted in text-based output, or they can be persisted to more specialty targets like SQL, SYSLOG, or a chart. Though it is still dependent on SQL query statements, it can go granular and parses out the logs to provide good insights.

See this old (yet useful) article for insights on doing forensics using Log Parser. It does help to correlate, but not in an automated fashion. The human is still the central engine to "join the dots", if that is the intent you see as priority @ http://www.securityfocus.com/infocus/1712
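As an added example, not code from this thread nor from Kiwi, Splunk or Log Parser, here is the "script to extract the logs" step from (1) combined with the free-text search and basic reporting the asker wanted, in Python. It assumes Kiwi's default table name Syslogd and the columns MsgDate, MsgPriority, MsgHostname and MsgText (check these against your own schema), assumes pyodbc for the live connection, and the sample rows are constructed, not captured data.

```python
"""Export Kiwi Syslog rows from SQL Server and run simple analysis over them.

Added example, not code from the original thread or from Kiwi/Splunk/Log Parser.
Assumptions (check them against your own install):
  * Kiwi Syslogd's default table is named Syslogd with columns
    MsgDate, MsgPriority ("Facility.Severity" text), MsgHostname, MsgText.
  * pyodbc is used for the live connection; every analysis function takes
    plain (MsgDate, MsgPriority, MsgHostname, MsgText) tuples so it also
    runs offline on the constructed sample below.
"""
import re
from collections import Counter
from datetime import datetime

# RFC 3164 facility and severity names -> numeric codes.
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "ntp": 12, "audit": 13, "alert": 14, "clock": 15,
    **{f"local{n}": 16 + n for n in range(8)},
}
SEVERITIES = {
    "emerg": 0, "emergency": 0, "alert": 1, "crit": 2, "critical": 2,
    "err": 3, "error": 3, "warn": 4, "warning": 4, "notice": 5,
    "info": 6, "informational": 6, "debug": 7,
}

# Constructed sample rows in Syslogd column order (not real captured data):
# two Cisco ASA lines, two SNARE-forwarded Windows logon failures, one IOS line.
SAMPLE_ROWS = [
    (datetime(2009, 5, 1, 8, 0, 1), "Local4.Info", "fw01",
     "%ASA-6-302013: Built inbound TCP connection 4410 for outside:203.0.113.5/4312 "
     "(203.0.113.5/4312) to inside:10.0.0.12/443 (10.0.0.12/443)"),
    (datetime(2009, 5, 1, 8, 0, 5), "Local4.Warning", "fw01",
     "%ASA-4-106023: Deny tcp src outside:198.51.100.7/51022 dst inside:10.0.0.12/3389 "
     "by access-group \"outside_in\""),
    (datetime(2009, 5, 1, 8, 1, 10), "User.Notice", "dc01",
     "MSWinEventLog\t1\tSecurity\t101\tFri May 01 08:01:10 2009\t529\tSecurity\tN/A\t"
     "User\tFailure Audit\tDC01\tLogon/Logoff\t"
     "Logon Failure: Reason: Unknown user name or bad password User Name: jdoe "
     "Domain: CORP Logon Type: 3 Workstation Name: WS17"),
    (datetime(2009, 5, 1, 8, 1, 12), "User.Notice", "dc01",
     "MSWinEventLog\t1\tSecurity\t102\tFri May 01 08:01:12 2009\t529\tSecurity\tN/A\t"
     "User\tFailure Audit\tDC01\tLogon/Logoff\t"
     "Logon Failure: Reason: Unknown user name or bad password User Name: jdoe "
     "Domain: CORP Logon Type: 3 Workstation Name: WS17"),
    (datetime(2009, 5, 1, 8, 2, 0), "Local7.Debug", "rtr01",
     "%SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.50)"),
]


def priority_to_pri(kiwi_priority):
    """Turn Kiwi's 'Local4.Warning' text into the numeric <PRI> (facility*8+severity).
    Unknown names fall back to user.notice (13) so one odd row does not abort an export."""
    fac_name, _, sev_name = kiwi_priority.lower().partition(".")
    return FACILITIES.get(fac_name, 1) * 8 + SEVERITIES.get(sev_name, 5)


def to_syslog_line(row):
    """Format one DB row as an RFC 3164-style line that Splunk or Log Parser
    (-i:TEXTLINE) can index directly: <PRI>Mmm dd HH:MM:SS host text."""
    msg_date, kiwi_priority, host, text = row
    stamp = f"{msg_date:%b} {msg_date.day:2d} {msg_date:%H:%M:%S}"
    # Collapse embedded newlines/tabs (SNARE uses tabs) so one event stays on one line.
    text = re.sub(r"[\r\n\t]+", " ", text.strip())
    return f"<{priority_to_pri(kiwi_priority)}>{stamp} {host} {text}"


def export_syslog_file(rows, path):
    """Write rows as syslog lines; returns the number of lines written."""
    count = 0
    with open(path, "w", encoding="utf-8", newline="\n") as fh:
        for row in rows:
            fh.write(to_syslog_line(row) + "\n")
            count += 1
    return count


def search(rows, pattern):
    """Free-text search without writing SQL: case-insensitive regex over MsgText."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [row for row in rows if rx.search(row[3])]


def failed_logons(rows):
    """Count SNARE-forwarded Windows logon failures (event 529 on Win2000/2003)
    per account. SNARE fields are tab separated; the EventID is field index 5."""
    counts = Counter()
    for _, _, _, text in rows:
        fields = text.split("\t")
        if len(fields) > 5 and fields[0] == "MSWinEventLog" and fields[5] == "529":
            m = re.search(r"User Name:\s*(\S+)", text)
            counts[m.group(1) if m else "?"] += 1
    return counts


def report(rows):
    """Per-host and per-severity message counts: the simple 'reporting' layer."""
    by_host = Counter(row[2] for row in rows)
    by_sev = Counter(row[1].split(".")[-1].lower() for row in rows)
    return by_host, by_sev


def fetch_rows(conn_str, since):
    """Pull rows from the live Kiwi table via ODBC (needs pyodbc; not exercised offline).
    Parameterised query, so 'since' is never interpolated into the SQL text."""
    import pyodbc  # assumed to be installed on the Windows box running this
    sql = ("SELECT MsgDate, MsgPriority, MsgHostname, MsgText "
           "FROM Syslogd WHERE MsgDate >= ? ORDER BY MsgDate")
    with pyodbc.connect(conn_str) as conn:
        return [tuple(r) for r in conn.cursor().execute(sql, since).fetchall()]


if __name__ == "__main__":
    print("wrote", export_syslog_file(SAMPLE_ROWS, "kiwi_export.log"), "lines")
    for row in search(SAMPLE_ROWS, r"deny|logon failure"):
        print(to_syslog_line(row))
    print(failed_logons(SAMPLE_ROWS))
    print(report(SAMPLE_ROWS))
```

To run it against the live table, replace SAMPLE_ROWS with fetch_rows("DSN=kiwi;Trusted_Connection=yes", datetime(2009, 5, 1)) (a hypothetical DSN); the exported file can then be indexed by Splunk as a syslog source or queried by Log Parser with -i:TEXTLINE, which is the indirect route btan describes.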