We're using this: http://www.cert.dfn.de/eng/logsurf/ for processing the 
syslog input from some 450 systems. It works well since we replaced the 
E450 loghost by a dual Xeon 2.8 with 2 GB RAM.

I think it needs quite a bit of configuration, and some attention 
occasionally. But our expert for this tool can do wonderful things with 
it, like sending us just a single mail for events that produce many log 
messages (breaking hard drives), or detecting brute force attacks by 
correlating failed login attempts from different systems.

Stephan

On Tue, 3 Jan 2006, Luke Scharf wrote:

> I've set up my nifty-new syslog server.  However, logwatch just isn't
> cutting it since it stips off the hostname of the machine for each item
> it reports.
>
> Does anyone have any recommendation for log-analysis software where you
> have 20 machines dumping syslog data into one?  (I may have as many as
> 130 machines at some point; the Windows syslog service on sourceforge
> looks intriguing.)
>
> Thanks,
> -Luke
>
>

-- 

  ----------------------------------------------------
| Stephan Wiesand  |                                |
|                  |                                |
| DESY     - DV -  | phone  +49 33762 7 7370        |
| Platanenallee 6  | fax    +49 33762 7 7216        |
| 15738 Zeuthen    |                                |
| Germany          |                                |
  ----------------------------------------------------