Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Centralized linux system log analyzer?!
Special Forums UNIX and Linux Applications Infrastructure Monitoring Centralized linux system log analyzer?! Post 302566439 by jabalv on Thursday 20th of October 2011 11:06:03 AM
Old 10-20-2011
Quote:
Originally Posted by Neo
My experience is that zabbix is more flexible than logzilla... and neither is really what I would call 'great' for analysis.

Remember, collecting, aggregating and filtering "events" is not really "analysis"; and neither is simple "event triggering" based on simple pattern matching rules.

When I look at logzilla (as in zabbix), I don't see any analysis capabilities; only aggregation, filtering, and simple rule based pattern matching. This is really not "analysis" in my view.

For example, "analysis" would be a software process that can detect, from Apache2 log files, when an IP address is a "bot" (web spider) without looking at the user agent (UA). This is not easy in the general case and requires some pretty sophisticated analysis over time.
Yeah, I`m using zabbix too. But I can`t get it work well with log files. I only use it for specified process, event, etc.. I wrote bash scripts and then use zabbix trapper. Zabbix is good for system monitoring, but not for log files I think.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Centralized syslog server

I have a syslog server running Solaris 5.9 that is used exclusively to receive log messages from several thousand Cisco devices. The syslog server is and has been running fine for several months.. I would like to take all messages logged from the Cisco devices on this server and forward them... (2 Replies)
Discussion started by: getwithrob
2 Replies

2. UNIX for Dummies Questions & Answers

centralized unix user management

Does it exist centralized tools on unix for managing users of all servers (like windows AD) ? (1 Reply)
Discussion started by: astjen
1 Replies

3. UNIX for Dummies Questions & Answers

how to configure centralized log server

hi, i am beginner i am using small lan setup all machine fc 6 and fc7 8 and fedora 9 also i want to know how to configure centralized log server on fedora 9 step by step any one help me Thanks (0 Replies)
Discussion started by: poswer
0 Replies

4. HP-UX

HP UX Syslog Analyzer

Hi everybody I need to analyze syslog file in HP UX Is there any log analayzer for this file? Regards (3 Replies)
Discussion started by: m_arab
3 Replies

5. UNIX for Advanced & Expert Users

Need help on setting up Centralized Server

Hello All, I am working on SuSe Linux Platform. Some times ago i got an issue with an application for which i had to update that in all desktops (SLED == SuSe Linux Desktop). Since this time number of desktops were less then it was possible to go and update package manually. But in... (1 Reply)
Discussion started by: shirsha
1 Replies

6. IP Networking

Best iptables log analyzer?

Hello all, i want to view my iptables log on web interface, with chart (in option, and this is not my priority). What is the best program for this? I have Ubuntu server. Thanks ! :) (0 Replies)
Discussion started by: Pacifiste95
0 Replies

7. AIX

Accessing files on AIX system from Linux system

I have a following requirement in production system 1 : LINUX User: abcd system 2: AIX (it is hosting a production DB) Requirement user abcd from system 1 should have read access on archive log files created by DB on system 2. The log files are created with permissions 540 by user ora ,... (2 Replies)
Discussion started by: amitnm1106
2 Replies

8. Programming

Linux/Solaris System Administrator to become a Linux/Solaris System Programmer?

Hi all What is the qualification required by Linux/Solaris System Administrator to become a Linux/Solaris System Programmer as to gain complete knowledge on computers. Thanks (1 Reply)
Discussion started by: Tlogine
1 Replies

9. Shell Programming and Scripting

Log file analyzer, super basic sh file

Hello! I have a small shell project that is due next week, that I'd appreciate some help with. task: Write a shell program that can analyze at least 2 types of log files and print them in an easily readable way. Make it so that you can switch between log file types. The two file types should be... (1 Reply)
Discussion started by: malfiory
1 Replies

10. Homework & Coursework Questions

Log file analyzer, super basic sh program

Hello! I'd like some help with this assignment. 1. The problem statement, all variables and given/known data: 1)Write a shell script that can uses two types of files as inputs, apache.log and apache.error.log 2)Make it so that you can switch between the two file types 3)Make it so that the... (5 Replies)
Discussion started by: malfiory
5 Replies

LEARN ABOUT DEBIAN

ratproxy

RATPROXY(1)							   User Commands						       RATPROXY(1)

NAME

       ratproxy - a passive web application security assessment tool

SYNOPSIS

       ratproxy [-w logfile] [-v logdir] [-p port] [-d domain] [-P host:port] [-xtifkgmjscael2XCr]

DESCRIPTION

       Ratproxy  is  a	semi-automated,  largely passive web application security audit tool. It is meant to complement active crawlers and manual
       proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic  annotation,
       of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0
       environments.

OPTIONS

       -w logfile    - write results to a specified file (default: stdout)

       -v logdir     - write HTTP traces to a specified directory (default: none)

       -p port	     - listen on a custom TCP port (default: 8080)

       -d domain     - analyze requests to specified domains only (default: all)

       -P host:port  - use upstream proxy for all requests (format host:port)

       -r	     - accept remote connections (default: 127.0.0.1 only)

       -l	     - use response length, not checksum, for identity check

       -2	     - perform two, not one, page identity check

       -e	     - perform pedantic caching headers checks

       -x	     - log all XSS candidates

       -t	     - log all directory traversal candidates

       -i	     - log all PNG files served inline

       -f	     - log all Flash applications for analysis (add -v to decompile)

       -s	     - log all POST requests for analysis

       -c	     - log all cookie setting URLs for analysis

       -g	     - perform XSRF token checks on all GET requests

       -j	     - report on risky Javascript constructions

       -m	     - log all active content referenced across domains

       -X	     - disruptively validate XSRF, XSS protections

       -C	     - try to auto-correct persistent side effects of -X

       -k	     - flag HTTP requests as bad (for HTTPS-only applications)

       -a	     - indiscriminately report all visited URLs

EXAMPLES

       Example settings suitable for most tests:

       1) Low verbosity  : -v <outdir> -w <outfile> -d <domain> -lfscm

       2) High verbosity : -v <outdir> -w <outfile> -d <domain> -lextifscgjm

       3) Active testing : -v <outdir> -w <outfile> -d <domain> -XClfscm

       Multiple -d options are allowed. Consult the documentation for more.

AUTHOR

       ratproxy is written and maintained by Michal Zalewski <lcamtuf@google.com>

       This manual page was generated via help2man by Iustin Pop <iusty@k1024.org> for the Debian project (but may be used by others).

SEE ALSO

       ratproxy-report(1)

ratproxy 1.56-beta						    April 2009							       RATPROXY(1)
All times are GMT -4. The time now is 07:02 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy