We're using this:

http://www.cert.dfn.de/eng/logsurf/

for processing the syslog input from some 450 systems. It works well since we replaced the E450 loghost by a dual Xeon 2.8 with 2 GB RAM.

I think it needs quite a bit of configuration, and some attention occasionally. But our expert for this tool can do wonderful things with it, like sending us just a single mail for events that produce many log messages (breaking hard drives), or detecting brute force attacks by correlating failed login attempts from different systems.

Stephan

On Tue, 3 Jan 2006, Luke Scharf wrote:

> I've set up my nifty-new syslog server. However, logwatch just isn't
> cutting it since it strips off the hostname of the machine for each item
> it reports.
>
> Does anyone have any recommendation for log-analysis software where you
> have 20 machines dumping syslog data into one? (I may have as many as
> 130 machines at some point; the Windows syslog service on sourceforge
> looks intriguing.)
>
> Thanks,
> -Luke
>
>

-- 
 ----------------------------------------------------
| Stephan Wiesand  |                                |
|                  |                                |
| DESY     - DV -  | phone  +49 33762 7 7370        |
| Platanenallee 6  | fax    +49 33762 7 7216        |
| 15738 Zeuthen    |                                |
| Germany          |                                |
 ----------------------------------------------------
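
An added example (not part of the original message, and not Logsurfer configuration): the kind of cross-host correlation described above, written in Python. It keeps the reporting hostname from each central syslog line and raises one alert per source address rather than one per log line. The sshd message format, the sample lines, the thresholds and the year are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Classic syslog line as written on a central loghost: timestamp, host, sshd message.
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+)")

# Constructed sample input (documentation addresses, made-up hostnames).
SAMPLE = """\
Jan  3 10:00:01 web1 sshd[411]: Failed password for root from 192.0.2.10 port 4021 ssh2
Jan  3 10:00:03 db1 sshd[9120]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2
Jan  3 10:00:04 web1 sshd[415]: Failed password for alice from 198.51.100.7 port 5100 ssh2
Jan  3 10:00:07 mail1 sshd[77]: Failed password for root from 192.0.2.10 port 4023 ssh2
Jan  3 10:00:09 web1 sshd[420]: Accepted password for alice from 198.51.100.7 port 5101 ssh2
Jan  3 11:30:00 db1 sshd[9200]: Failed password for alice from 198.51.100.7 port 5200 ssh2
""".splitlines()

def correlate(lines, min_hosts=3, window=timedelta(minutes=5), year=2006):
    """Return {source: sorted hosts} for every source address with failed
    logins on at least min_hosts distinct hosts inside one time window.
    Assumes lines arrive in time order, as in a single loghost file."""
    recent = defaultdict(deque)          # source -> deque of (time, host)
    alerts = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                     # not a failed sshd login
        stamp, host, _user, src = m.groups()
        # Classic syslog timestamps carry no year, so one is supplied.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[src]
        q.append((when, host))
        while when - q[0][0] > window:   # drop events older than the window
            q.popleft()
        hosts = {h for _, h in q}
        if len(hosts) >= min_hosts and src not in alerts:
            alerts[src] = sorted(hosts)  # one alert per source, not per line
    return alerts

if __name__ == "__main__":
    for src, hosts in correlate(SAMPLE).items():
        print(f"{src}: failed logins on {', '.join(hosts)}")
```
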