[CentOS] Logserver recommendations

Fri Apr 16 15:38:15 UTC 2010
rainer at ultra-secure.de <rainer at ultra-secure.de>

> Hi
> I am using rsyslog to get logs to a central box and they are stored in the
> format of
> /<hostname>/<year>/<month>/<day>/<logfilename>
> I need a solution that can trawl through these directories and pick up
> exceptions like failed logons and sudo usage that sort of thing.
> Has anyone got any clues as to what might help to achieve this, i am
> looking
> into logsurfer but not sure if this handles the directory structure
> nicely.
> thanks for any tips

Good question.
How many servers do you have to collect logs from?

I'd like to hear of people who have used both Splunk and/or prelude in an
environment with, say, 500<x<1000 servers, for collection of logs and can
voice a few opinions.

The problem, as the author recognizes, is not collection but retrieval and
processing (a cron-job that deletes them periodically does not qualify as