Tuesday, February 10, 2009

Snare - Log collection tool

Too many logs to keep track of? Missing critical events because it's too much work to manually check the event logs on all your servers? Can't fix what you can't see?! Try Snare. Snare "provides front end filtering, remote control, and remote distribution for Windows eventlog data."

We use this tool on all our servers to forward event logs to a Linux box running syslog-ng. We also point all our infrastructure gear and Linux servers (again with Snare) at that box. We view the logs via phpLogCon, a web-based front end. This combination works really well to centralize all of our logs.

Snare is named after the mnemonic "System iNtrusion Analysis & Reporting Environment." There are versions of Snare for just about every operating system, as well as a customized version called Epilog for IIS, ISA, Apache, Squid and Lotus Notes. If you haven't centralized your logging yet, take a byte out of this tool!
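As an added example (not from the original post or from the Snare project), here is a small Python script that pulls Windows events forwarded by the Snare agent out of a syslog-ng text file and counts Failure Audit events per host, which is the kind of "critical event" check that gets missed when logs stay scattered. The tab-delimited Snare field order is an assumption to verify against your agent version, and the hostnames and log lines are constructed samples.

```python
# Parse Windows events forwarded by a Snare agent out of a syslog-ng text
# file and count Failure Audit events per host (assumed Snare field layout).
import re
from collections import Counter

# ASSUMED Snare-for-Windows field order after the "MSWinEventLog" marker;
# verify it against your agent version before relying on it.
SNARE_FIELDS = [
    "criticality", "event_log", "counter", "date_time", "event_id",
    "source_name", "user_name", "sid_type", "event_log_type",
    "computer_name", "category", "data", "expanded", "checksum",
]
# syslog-ng default file format: "Mon DD HH:MM:SS host message"
SYSLOG_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")

# Constructed sample: two failed and one successful logon from dc01, plus a
# non-Snare line from a Linux host that logs to the same syslog-ng box.
SAMPLE = [
    "Feb 10 09:01:02 dc01 MSWinEventLog\t1\tSecurity\t4021\tTue Feb 10 09:01:02 2009"
    "\t529\tSecurity\tjsmith\tUser\tFailure Audit\tDC01\tLogon/Logoff\t"
    "\tLogon Failure: Unknown user name or bad password\t0",
    "Feb 10 09:01:05 dc01 MSWinEventLog\t1\tSecurity\t4022\tTue Feb 10 09:01:05 2009"
    "\t529\tSecurity\tjsmith\tUser\tFailure Audit\tDC01\tLogon/Logoff\t"
    "\tLogon Failure: Unknown user name or bad password\t0",
    "Feb 10 09:01:09 dc01 MSWinEventLog\t0\tSecurity\t4023\tTue Feb 10 09:01:09 2009"
    "\t528\tSecurity\tjsmith\tUser\tSuccess Audit\tDC01\tLogon/Logoff\t"
    "\tSuccessful Logon\t0",
    "Feb 10 09:02:00 fw01 sshd[2210]: Accepted publickey for admin from 10.0.0.5",
]

def parse_snare_line(line):
    """Return a dict for one Snare event line, or None if it is not one."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    host, body = m.group(2), m.group(3)
    parts = body.split("\t")
    if parts[0] != "MSWinEventLog" or len(parts) < len(SNARE_FIELDS) + 1:
        return None
    event = dict(zip(SNARE_FIELDS, parts[1:]))  # zip stops at the shorter
    event["host"] = host
    return event

def failure_audits_per_host(lines):
    """Count 'Failure Audit' events per forwarding host (0 for unseen hosts)."""
    counts = Counter()
    for line in lines:
        event = parse_snare_line(line)
        if event and event["event_log_type"] == "Failure Audit":
            counts[event["host"]] += 1
    return counts
```

Feed it the real file with `failure_audits_per_host(open("/var/log/snare.log"))` and alert on any host whose count climbs past what you normally see.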

