ELSA and syslog-ng PE
ELSA is one of the largest software projects outside BalaBit that utilizes the patterndb pattern matching technology of syslog-ng. As an open source application, it uses syslog-ng OSE at its heart. ELSA is used by network security professionals to gather an enormous amount of information about what's happening on their networks and to search it with Google-like response times.
Recently somebody asked whether it is possible to store digitally signed logs using ELSA. While this is not possible with the MySQL storage, syslog-ng PE provides this functionality through its logstore technology. Of course, using the logstore has the drawback of storing every log twice, but it also has some advantages, such as encryption or optional time stamping.
So once I could allocate a little time, I gave ELSA and syslog-ng PE a try. I used Ubuntu 10.04 and syslog-ng PE 4.2 in my tests, and with some minor quirks I was able to replace OSE with PE and add logstore support to the configuration. For details, check the ELSA wiki at https://code.google.com/p/enterprise-log-search-and-archive/wiki/UsingSyslog_NGPremiumEdition. It should work in a fairly similar way on all platforms supported by ELSA.
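To make the "store logs twice" setup concrete, here is an added example of what the resulting syslog-ng PE configuration fragment looks like. It is not taken from the post, from the ELSA wiki page or from ELSA's shipped configuration: the source port, the ELSA program path, the logstore file path and the certificate location are placeholders, and the logstore option names (`encrypt-certificate()`, `compress()`) are assumed from the syslog-ng PE 4.x documentation and should be checked against the version you run. The point it shows is that ELSA's existing destination stays untouched and the logstore is simply a second destination in the same log path, so ELSA keeps its searchable copy while PE writes the tamper-evident, optionally encrypted copy alongside it.

```conf
@version: 4.2

# Added example, not ELSA's own configuration. Placeholders are marked.

# Network syslog input (port is a placeholder, adjust to your deployment)
source s_net {
    udp(port(514));
    tcp(port(514));
};

# ELSA's existing destination: the message is handed to ELSA's node
# process for parsing and indexing. Path is an ASSUMED placeholder;
# keep whatever destination your ELSA install already defines here.
destination d_elsa {
    program("/usr/local/elsa/node/elsa.pl");
};

# syslog-ng PE logstore: PE's binary store whose chunks are hashed and
# signed, so later modification is detectable. Encryption is optional;
# encrypt-certificate() takes the PEM certificate whose key is needed
# to read the store back (path is a placeholder). compress() is the
# gzip level. Both option names are assumed from the PE 4.x docs.
destination d_logstore {
    logstore("/var/log/logstore/${HOST}/messages-${YEAR}${MONTH}${DAY}.lgs"
        encrypt-certificate("/etc/syslog-ng/logstore-cert.pem")
        compress(5)
    );
};

# One log path, two destinations: every message reaches both ELSA and
# the logstore, which is exactly the "stored twice" trade-off above.
log {
    source(s_net);
    destination(d_elsa);
    destination(d_logstore);
};
```

Two practical notes. First, keep the private key matching the encryption certificate off the log collector itself; the collector only needs the certificate to write, and anyone holding the key can read every encrypted store. Second, the integrity guarantee is only useful if somebody actually checks it: syslog-ng PE ships the `lgstool` utility for reading and validating logstore files, so a periodic validation run over the archived stores (and an alert when it fails) is the part that turns "signed logs" into a detection control rather than a checkbox.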