SCIENTIFIC-LINUX-USERS Archives

January 2006

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: Luke Scharf <[log in to unmask]>
Reply To: Luke Scharf <[log in to unmask]>
Date: Wed, 4 Jan 2006 09:43:42 -0500

That looks like what I had in mind.

Thanks!
-Luke


Stephan Wiesand wrote:
> We're using this: http://www.cert.dfn.de/eng/logsurf/ for processing the
> syslog input from some 450 systems. It works well since we replaced the
> E450 loghost by a dual Xeon 2.8 with 2 GB RAM.
> 
> I think it needs quite a bit of configuration, and some attention
> occasionally. But our expert for this tool can do wonderful things with
> it, like sending us just a single mail for events that produce many log
> messages (breaking hard drives), or detecting brute force attacks by
> correlating failed login attempts from different systems.
> 
> Stephan
> 
> On Tue, 3 Jan 2006, Luke Scharf wrote:
> 
>> I've set up my nifty-new syslog server.  However, logwatch just isn't
>> cutting it since it strips off the hostname of the machine for each item
>> it reports.
>>
>> Does anyone have any recommendation for log-analysis software where you
>> have 20 machines dumping syslog data into one?  (I may have as many as
>> 130 machines at some point; the Windows syslog service on sourceforge
>> looks intriguing.)
>>
>> Thanks,
>> -Luke
>>
>>
> 


-- 
Luke Scharf, Systems Administrator
Virginia Tech Aerospace and Ocean Engineering
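
Added example, not part of the thread and not logsurfer configuration: a Python version of the correlation Stephan describes, where failed logins from one source are matched across several machines, run over central-loghost lines that keep the hostname field. The sample lines, the OpenSSH message pattern and the min_hosts threshold are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines as a central loghost stores them, with the
# reporting hostname kept as the field after the timestamp.
SAMPLE = """\
Jan  4 09:40:01 node01 sshd[2211]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jan  4 09:40:03 node02 sshd[1874]: Failed password for invalid user admin from 192.0.2.10 port 40120 ssh2
Jan  4 09:40:05 node03 sshd[3920]: Failed password for root from 192.0.2.10 port 40131 ssh2
Jan  4 09:40:09 node01 sshd[2215]: Failed password for luke from 198.51.100.7 port 51500 ssh2
Jan  4 09:40:11 node01 sshd[2215]: Accepted password for luke from 198.51.100.7 port 51500 ssh2
Jan  4 09:41:00 node02 sshd[1880]: Failed password for root from 192.0.2.10 port 40207 ssh2
"""

# Classic syslog prefix followed by an OpenSSH "Failed password" message
# (assumed message format; adjust to what your sshd actually logs).
FAILED = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def correlate(lines, min_hosts=3):
    """Return one summary per source address that failed logins on at
    least min_hosts distinct machines (min_hosts is a hypothetical threshold)."""
    seen = defaultdict(lambda: {"hosts": set(), "users": set(), "failures": 0})
    for line in lines:
        m = FAILED.match(line)
        if m is None:
            continue  # not a failed-login line
        entry = seen[m["src"]]
        entry["hosts"].add(m["host"])
        entry["users"].add(m["user"])
        entry["failures"] += 1
    return {
        src: {"hosts": sorted(e["hosts"]), "users": sorted(e["users"]),
              "failures": e["failures"]}
        for src, e in seen.items() if len(e["hosts"]) >= min_hosts
    }

def report(alerts):
    """One line per source instead of one line per log message."""
    return [f"{src}: {a['failures']} failed logins on {', '.join(a['hosts'])} "
            f"(users tried: {', '.join(a['users'])})"
            for src, a in sorted(alerts.items())]

if __name__ == "__main__":
    print("\n".join(report(correlate(SAMPLE.splitlines()))))
```

A single mistyped password on one machine (198.51.100.7 in the sample) stays below the threshold, while the source that touches three hosts is reported once with the hostnames attached.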
