

Syslog Reporter/Analyser

Posted on 2010-01-08
Medium Priority
Last Modified: 2013-11-16
Hi, I'm running Kiwi Syslogd to capture syslog messages from a variety of sources, mostly routers, firewalls, and Windows servers (via SNARE).

I'm dumping everything to a MS SQL 2000 database.  I'm looking for something that will connect to that database and do some reporting/analysis/etc type work - the more the better.  It'd also be nice to be able to search free text without writing a SQL query.

Anyone know of any good tools?  I've tested dozens and can't quite find what I'm looking for.  Only catch here is that it'd have to run on Windows.
Question by:entegration

Accepted Solution

ChopOMatic earned 100 total points
ID: 26214577
Have you tried Tableau? Looks like a very capable SQL analysis tool.
LVL 65

Assisted Solution

btan earned 100 total points
ID: 26265211
I do not see that you really need complex data mining services; if so, you can see SQL Server Analysis Services @ http://msdn.microsoft.com/en-us/library/ms175609%28SQL.90%29.aspx.

Natively there is the SQL query analyser, which I believe you already tried and is probably not what you are looking for :)

(1) One good tool I will propose is Splunk; it has great doc support and its features would have satisfied what you wanted. But it actually gets the logs directly and works on them, so to use it on the existing SQL database you will need to do it indirectly: a script to extract the logs, and Splunk to index them for further reporting/analysis. See support http://www.splunk.com/support/forum:SplunkApplications/2192
- see doc http://www.splunk.com/base/Documentation/2.1/User/BasicTutorial
- It probably satisfies the whole list of what you want.

(2) Probably, you also want to take a look at Sphinx @ http://www.sphinxsearch.com/downloads.html
I see Sphinx as an option if your full text search functionality isn't that complicated (Sphinx can't do partial matches or fuzzy search) or your indexed models don't change much. But note that it has free text search but no other features. MS SQL is also supported @ http://www.sphinxsearch.com/docs/manual-0.9.9.html#conf-source-type

(3) But the hard part is to do analysis tasks where typical human intervention is needed. There is one Windows tool that will fit the bill. It is Logparser, an MS tool (using SQL script but not for SQL databases; it targets XML, text files etc)
@ http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

You tell Log Parser what information you need and how you want it processed. The results of your query can be custom-formatted in text based output, or they can be persisted to more specialty targets like SQL, SYSLOG, or a chart. Though it is still dependent on SQL query statements, it can go granular and parse out the logs to provide good insights.

See this old (yet useful) article for insights on doing forensics using LogParser. It does help to correlate, but not in an automated fashion. The human is still the central engine to "join the dots", if that is the intent you see as priority @ http://www.securityfocus.com/infocus/1712
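
The indirect route in option (1), a script that pulls rows out of the syslog database and writes them as text for an indexer to pick up, could look like the sketch below. This is an added example, not code from the original answer or from Kiwi or Splunk. It assumes a hypothetical table `syslogd` with the columns shown, and uses an in-memory SQLite database as a stand-in for the MS SQL 2000 instance.

```python
import sqlite3

# Assumed schema (hypothetical; Kiwi's real table layout is not given on the page).
SCHEMA = """CREATE TABLE syslogd (
    id INTEGER PRIMARY KEY, ts TEXT, host TEXT,
    facility INTEGER, severity INTEGER, msg TEXT)"""

# Constructed sample rows; the third carries an embedded newline.
SAMPLE = [
    ("2010-01-08T09:15:02", "fw01", 4, 4, "Deny tcp src outside:203.0.113.7/4431 dst inside:10.0.0.5/22"),
    ("2010-01-08T09:15:09", "rtr02", 23, 5, "%LINK-5-CHANGED: Interface Gi0/1, changed state to down"),
    ("2010-01-08T09:16:40", "srv03", 13, 6, "Logon failure user=bob\nfake line"),
]

def format_row(ts, host, facility, severity, msg):
    """Render one row as '<PRI>timestamp host message' on a single line."""
    pri = facility * 8 + severity  # syslog PRI value
    # Escape CR/LF so a message cannot forge extra events in the export.
    safe = msg.replace("\r", "\\r").replace("\n", "\\n")
    return f"<{pri}>{ts} {host} {safe}"

def export_new_rows(conn, last_id):
    """Return (lines, new_checkpoint) for rows with id > last_id."""
    cur = conn.execute(
        "SELECT id, ts, host, facility, severity, msg FROM syslogd "
        "WHERE id > ? ORDER BY id", (last_id,))
    lines, checkpoint = [], last_id
    for row_id, *fields in cur:
        lines.append(format_row(*fields))
        checkpoint = row_id
    return lines, checkpoint

def demo():
    conn = sqlite3.connect(":memory:")  # stand-in for the MS SQL database
    conn.execute(SCHEMA)
    conn.executemany(
        "INSERT INTO syslogd (ts, host, facility, severity, msg) VALUES (?,?,?,?,?)",
        SAMPLE)
    first, cp = export_new_rows(conn, 0)
    second, cp2 = export_new_rows(conn, cp)  # nothing new on the second run
    return first, cp, second, cp2

if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

Persisting the returned checkpoint between runs keeps each export incremental, so the indexer never sees the same event twice.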


Question has a verified solution.
