Logging in Linux

  • syslogd (sysklogd) was the de facto standard implementation and, for many years, the default on Linux distributions.
  • klogd, the companion daemon to syslogd that collects kernel messages and hands them to the syslog daemon.
  • metalog, an alternative syslog daemon with regular-expression based filtering of messages.

Syslog Servers

  • rsyslog is a free and open source syslog server and the default on recent Ubuntu and CentOS releases. Paid add-ons include a Windows agent that forwards the Windows Event Log to an rsyslog server.
  • syslog-ng is a free and open source syslog server with a rich configuration language; TLS-encrypted transport is available in the open source edition, while the commercial edition adds extras such as a web interface.
  • LogStash is free and open source; it collects and parses logs (syslog among them), stores them in Elasticsearch, and ships with a web interface for searching and graphing.
  • Graylog2 is also free and open source, and like LogStash it combines the functionality of a syslog server with that of an interface to search and graph the data.
  • Fluentd is an open source log collector that accepts syslog input among many others and is designed to scale out to very large deployments.

Web Interfaces

  • Kibana is a web interface for logs collected with LogStash, or for any other data stored in Elasticsearch.
  • Octopussy is a web interface with searching and graphing features. Installation instructions exist for RedHat- and Debian-based systems.
  • LogAnalyzer is a web frontend for syslog, with some analysis and reporting capabilities.

Free and Open Source Log Analysis Software

  • LogReport does log analysis and reporting, but its development appears to have stopped.
  • LogSurfer analyzes logs line by line against predefined regular expressions, and can trigger notifications.
  • Epylog is a time-based log analysis tool that sends reports and alerts by email; it is intended as a replacement for logwatch.
  • SEC does log analysis with focus on event correlation.
  • ELSA is an analysis and search tool for syslog-ng with MySQL for backend and Sphinx for indexing.
  • Clarity is a simple web front end for the contents of a directory with log files, with grep-like and tail-f-like features.
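As an added example (not code from LogSurfer, SEC or any other tool listed here), the following Python sketch shows the two techniques those two entries describe: per-line regular-expression rules that fire a notification, and SEC-style threshold correlation that raises a single alert when several related events for the same key arrive within a time window. The syslog lines, the rule patterns, the threshold and window, and the assumed year (needed because BSD-style syslog timestamps carry none) are all constructed for this example.

```python
"""Per-line regex rules plus threshold correlation over RFC 3164-style
syslog lines.  Added example; not the code of any tool on this page.
Sample log, rules, thresholds and the assumed year are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in classic BSD syslog layout: "Mmm dd hh:mm:ss host tag[pid]: msg"
SAMPLE_LOG = """\
Mar  3 10:15:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:15:03 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Mar  3 10:15:04 web01 CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:15:06 web01 sshd[2215]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:15:40 web01 sshd[2220]: Accepted publickey for deploy from 198.51.100.5 port 40100 ssh2
Mar  3 10:17:30 web01 sshd[2233]: Failed password for root from 203.0.113.7 port 51100 ssh2
Mar  3 10:18:00 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)

# LogSurfer-style rules: (rule name, required syslog tag, regex over the message).
# Patterns are illustrative assumptions, not a vetted detection set.
RULES = [
    ("ssh_failed", "sshd",
     re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")),
    ("ssh_accepted", "sshd",
     re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>[\d.]+)")),
    ("sudo_root", "sudo",
     re.compile(r"^\s*(?P<user>\S+) : .*USER=root ; COMMAND=(?P<cmd>.*)$")),
]


def parse_line(line, year=2024):
    """Split one syslog line into fields; returns None for unparsable input.
    The year is an assumption: BSD syslog timestamps do not carry one."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "tag": m["tag"], "pid": m["pid"], "msg": m["msg"]}


class ThresholdCorrelator:
    """SEC-style SingleWithThreshold: fire once `threshold` events for the same
    key fall inside a sliding `window` (seconds), then reset that key so one
    burst yields one alert.  Assumes events arrive in time order."""

    def __init__(self, threshold, window):
        self.threshold = threshold
        self.window = timedelta(seconds=window)
        self.seen = defaultdict(deque)

    def feed(self, key, ts):
        q = self.seen[key]
        q.append(ts)
        while q and ts - q[0] > self.window:   # drop events older than the window
            q.popleft()
        if len(q) >= self.threshold:
            count = len(q)
            q.clear()
            return count
        return 0


def analyze(text, threshold=3, window=60):
    """Run the rules over every line; return the list of alerts raised."""
    correlator = ThresholdCorrelator(threshold, window)
    alerts = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # a real tool would count or quarantine unparsable lines
        for name, tag, pattern in RULES:
            if rec["tag"] != tag:
                continue
            m = pattern.search(rec["msg"])
            if not m:
                continue
            fields = m.groupdict()
            if name == "ssh_failed":
                # Failed logins are correlated per source IP rather than alerted one by one.
                n = correlator.feed(fields["ip"], rec["ts"])
                if n:
                    alerts.append({"rule": "ssh_bruteforce", "ts": rec["ts"],
                                   "host": rec["host"], "key": fields["ip"], "count": n})
            else:
                # Everything else is an immediate, LogSurfer-style notification.
                alerts.append({"rule": name, "ts": rec["ts"], "host": rec["host"], **fields})
            break
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

On the constructed sample this raises three alerts: one ssh_bruteforce for 203.0.113.7 after the third failure inside 60 seconds (the later single failure at 10:17:30 stays below the threshold), one ssh_accepted for the deploy login, and one sudo_root for the privileged command. Production tools differ mainly in scale and in surviving restarts; the matching and windowing logic is the same shape.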

Non-Free or Closed Source or Commercial Log Analysis Software

  • LogZilla is free of charge for up to 10 devices and up to 1 million messages per day. Beyond those limits, the price scales up according to the selected features. Documentation includes instructions for RedHat- and Debian-based systems.
  • Splunk is free for up to 500 MBytes of indexed data per day. Download options include packages for Linux distributions with 2.6+ kernels.
  • CloudPelican is still in development as of this writing. Their website mentions that there is a free version, but downloading the demo requires registration.
  • XPOLog is a freeware log analysis software with a standalone web server.
  • HP ArcSight Logger is a commercial log analysis solution from HP.
  • LogScape is a Linux based log analysis and indexing tool, with a free basic version.
  • Sumo Logic is cloud-based log management and analytics. The free version allows up to 500 MBytes of data per day, up to three users and up to 7 days of retention.
  • Sawmill is a closed source analysis tool, with free 30-day demo versions.
  • Loggly offers log management, analysis and graphing. There is a free version for up to 200 MBytes of data per day and 7-day retention.
  • Otus SIEM
  • LogRhythm provides log management, analysis and SIEM, focused on security and forensics.

Analytics and Analysis

For Windows

  • Snare Backlog was a logging server for Windows that could collect data from several standard sources, as well as from a wide range of operating systems running its agent. Freeware versions of it are still available for download.
  • LogFaces is a syslog server for Windows.
  • Log Parser is a search tool for logs and other data sources.
