Best route for syslog parsing?


#1

Hello, new Nagios user here. Its clear that Nagios does not natively handle syslog parsing. So I am trying to determine the best method to provide that functionality. I’ve seen the use of “check_log”, “check_logfiles”, and “check_syslog_gw” plug-ins. Any comments on which one works the best, especially for large environments? Are there other, better plug-in suggestions?

Even more broader of a question, in lieu of Nagios, what open source tool would you use to parse syslog events to determine levels of criticality and display the events in a web front-end? (ie Basically I’m looking to reproduce Netcool functionality in OSS)

Thanks for any replies,

  • Steve

#2

I’m actively considering Splunk

splunk.com/product

This is the direction that Professional Nagios is going for interrogating logfiles.
nagios.org/products/enterpri … ons/splunk

There’s a free edition, which you’d have to integrate yourself…

Just as a WAG without thinking about it much, one thing you could do after getting Splunk going is configure it to do something like
put a certain output file in a given directory, and then use check_file to see if there’s a warning file in the directory.

I think Splunk itself has all kinds of warnings, alerts, abilities to do X upon noticing thing Y and so on.
but if you want a tie-back to Nagios, that’s one way to do it, albeit probably not the best.

There’s probably something way way simpler that I just haven’t read about yet.


#3

Thank you for your input treimers.