Posts Tagged ‘gui’
Centralized logging of events has been an important part of the IT infrastructure for many years. It is more convenient to browse logs in a central location rather than viewing them on individual machines. Central storage is also more secure. Even if logs stored locally are altered or removed, one can still check the logs on the central log server. Compliance with different regulations also makes central logging necessary. (This is an updated version of my previous syslog-ng web gui blog.)
Central logging of events has been an important part of the IT infrastructure for many years. It is more convenient to browse logs at a central location instead of on individual machines. It is also more secure: even if an individual machine is compromised and its local logs are altered or removed, one can still check the logs on the central log server. Compliance with different regulations also makes central logging necessary.
System administrators prefer to use the command line. Why bother with GUIs? Grep, awk & Co. are powerful tools, but for complex queries an SQL-based web interface gets the job done a lot quicker. Once there are many messages to search, it’s not just convenient, it’s a must. With thousands of incoming messages a second, the indexes of log databases still give Google-like response times even for the most complex queries, while traditional text-based tools don’t scale.
In this comparison of web GUIs for syslog-ng, I try to cover solutions ranging from simple scripts for browsing logs, through cloud logging, to enterprise-level applications. All of these have different strengths and weaknesses, and target different usage scenarios.
Logstash is a tool to collect, filter and display logs. It can collect logs from many sources, including syslog-ng, filter them, store them in a database and search them from a web interface. It can also output logs in various formats.
Enterprise Log Search and Archive (ELSA) is a brand new centralized syslog framework with syslog-ng 3.1+ and patterndb at its heart. It is the first larger project outside of BalaBit utilizing the power of patterndb. Data storage and searching are based on MySQL and Sphinx, and there is a simple but powerful web interface, which gives quick access even to many millions of log messages.
Logzilla (or, as it is better known to long-time syslog-ng users, php-syslog-ng) is one of the best known web GUIs for syslog-ng. The latest version brought some unique features like message deduplication and support for Cisco Mnemonics.
Cloud and Software as a Service have recently become two very important terms in IT. They are made possible by the Internet, which is getting faster every day. This can also be utilized for syslog messages: as a pioneer in this field, Loggly (http://loggly.com/) created “Logging as a Service”. I tested it over the past few days and would like to share my experiences.