
Top 5 Open Source Log Management Tools

Aug 24, 2017 - Website Tools / Free Services - by nxlog

When an operating system such as Windows or Linux is running, many events and processes run in the background to make efficient and reliable use of system resources. Both the OS and its applications write log messages about these events, which System Administrators review to diagnose performance and other problems. Open source log management tools continuously collect, monitor and analyze these events so that problems in high-availability production environments can be identified quickly.

#1 NXLog

NXLog (Community Edition) is an open source, high-performance, multi-platform log management solution aimed at processing the events of thousands of different servers, devices, applications and appliances that produce vast amounts of event log messages.

Main features include:
- Open source
- Multi-platform - support for GNU/Linux, IBM AIX, Solaris, HP-UX, BSD, Android and Microsoft Windows (from XP through 2012)
- Modular architecture through dynamically loadable plugins
- Scalable, high-performance I/O - collect messages at blazing speeds (can achieve above 500k EPS)
- Message buffering and prioritization - no lost or dropped messages
- Scheduled tasks and built-in log rotation
- Support for different formats such as Syslog, CSV, GELF, JSON, XML, Windows EventLog and even custom formats
- Offline processing mode for post processing, conversion or transfer
- Event correlation
- Secure network transport over SSL
- Internationalization for supporting different character sets.
The following features are only available in the NXLog Enterprise Edition:
- Real-time event correlation and classification
- Remote administration and statistics.

#2 Graylog2

Graylog2 is a highly pluggable logging system that enables centralized log management for many systems. It integrates with external components: MongoDB stores its metadata, and Elasticsearch stores the log data and provides full-text search.

Graylog 2 has the following features:
- Ready for enterprise level production
- Includes a dashboard and an alerting system
- Can work on data from any log source
- Enables real time log processing
- Enables parsing of unstructured data
- Extensible and highly customizable
- Offers an operational data hub.
The cons of Graylog2:
- Graylog2 only has support for syslog and GELF
- Maintenance is very difficult because of the high volume nature of logs
- The interface is hard to use, loaded with data, and difficult to understand.
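Graylog2 accepts GELF, so as an added illustration (this is example code written for this page, not code from the page or from the Graylog project) the following Python builds and validates a GELF 1.1 message and splits an oversized payload into chunked-GELF datagrams. The mandatory field names, the underscore prefix for additional fields, the reserved `_id` field, the chunk-header layout (magic bytes, 8-byte message id, sequence number, sequence count) and the 128-chunk limit follow the published GELF 1.1 specification; the host name, message text, field values and the default severity of 6 are this example's own constructed choices.

```python
import json
import os
import struct
import time

GELF_MAGIC = b"\x1e\x0f"    # magic bytes that open every chunked-GELF datagram
MAX_CHUNKS = 128            # the GELF spec allows at most 128 chunks per message
HEADER_LEN = 2 + 8 + 1 + 1  # magic + message id + sequence number + sequence count


def build_gelf(host, short_message, level=6, full_message=None, timestamp=None, **extra):
    """Return a GELF 1.1 payload as UTF-8 JSON bytes.

    Additional fields are passed as keyword arguments and get the leading
    underscore the spec requires. `level` is a syslog severity; the default
    of 6 (informational) is this example's choice, the spec itself uses 1.
    """
    msg = {
        "version": "1.1",                # mandatory
        "host": host,                    # mandatory: the host that emitted the event
        "short_message": short_message,  # mandatory
        "timestamp": time.time() if timestamp is None else timestamp,
        "level": level,
    }
    if full_message is not None:
        msg["full_message"] = full_message
    for key, value in extra.items():
        if key == "id":
            # "_id" is reserved by Graylog and must never be sent by a client
            raise ValueError("additional field 'id' is not allowed")
        if isinstance(value, bool) or not isinstance(value, (str, int, float)):
            # GELF additional fields may only be strings or numbers
            raise TypeError(f"additional field {key!r} must be a string or number")
        msg["_" + key] = value
    return json.dumps(msg, separators=(",", ":")).encode("utf-8")


def decode_gelf(payload):
    """Parse a GELF payload back into a dict (used to check what was built)."""
    return json.loads(payload.decode("utf-8"))


def chunk_gelf(payload, chunk_size=8192, message_id=None):
    """Split a payload that exceeds one UDP datagram into chunked-GELF pieces.

    Each chunk is: magic (2 bytes) + message id (8) + sequence number (1) +
    sequence count (1) + a slice of the payload.
    """
    if len(payload) <= chunk_size:
        return [payload]                      # small enough: send as-is
    message_id = message_id or os.urandom(8)  # the same random id goes on every chunk
    body_size = chunk_size - HEADER_LEN
    pieces = [payload[i:i + body_size] for i in range(0, len(payload), body_size)]
    if len(pieces) > MAX_CHUNKS:
        raise ValueError(f"payload needs {len(pieces)} chunks, GELF allows {MAX_CHUNKS}")
    return [
        GELF_MAGIC + message_id + struct.pack("BB", seq, len(pieces)) + piece
        for seq, piece in enumerate(pieces)
    ]


if __name__ == "__main__":
    # Constructed example: forward a failed-login event with two extra fields
    payload = build_gelf("host1", "Failed password for invalid user admin",
                         level=4, service="sshd", source_ip="203.0.113.9")
    print(decode_gelf(payload))
    print(len(chunk_gelf(b"x" * 20000)), "chunks for a 20 kB payload")
```

The chunking is what makes UDP delivery of large events (a full stack trace, say) possible without truncation; a collector that silently drops events above the datagram size is a gap an attacker's noisy activity can hide in, so checking that oversized events arrive whole is worth a test when you deploy a GELF input.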

#3 Logcheck

Logcheck is designed to run as a cronjob, hourly and on every system reboot by default. It provides three levels of logfile filtering:
- Paranoid: intended for high-security systems that run as few services as possible.
- Server: the default filtering level for Logcheck; its rules cover many different system daemons and also include the rules defined at the paranoid level.
- Workstation: for sheltered systems; it filters out most messages and includes the rules of the paranoid and server levels.

Logcheck can also sort the messages it reports into three layers: security events, system events and system attack alerts. A System Administrator chooses how much detail about system events is reported by selecting the filtering level; that choice does not affect security events and system attack alerts.
The cons of Logcheck:
- Logcheck is available for Linux only
- Installation and configuration is difficult (Linux experts only)
- Does not run in real-time, since it's triggered as a scheduled cronjob
- The filters are nothing more than extended regular expressions (such as understood by egrep)
- Log messages are assigned to one of four available categories.
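The filtering model described above (cumulative paranoid/server/workstation ignore rules written as extended regular expressions, with security events and attack alerts reported at every level) can be shown in a few lines of Python. This is an added example written for this page, not Logcheck's own code or rule files; the sample syslog lines and all the patterns are constructed here.

```python
import re

# Constructed syslog-style sample lines (not taken from the page)
SAMPLE_LOG = """\
Aug 24 10:00:01 host1 CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)
Aug 24 10:00:05 host1 sshd[2001]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Aug 24 10:00:09 host1 sshd[2002]: Failed password for invalid user admin from 203.0.113.9 port 40022 ssh2
Aug 24 10:00:12 host1 kernel: [12345.678] usb 1-1: new high-speed USB device number 4 using xhci_hcd
Aug 24 10:00:15 host1 su[2100]: Successful su for root by alice
Aug 24 10:00:20 host1 named[300]: client 198.51.100.7#5353: query (cache) 'example.org/A/IN' denied
Aug 24 10:00:25 host1 postfix/smtpd[400]: connect from mail.example.net[192.0.2.10]
"""

# Patterns that are always reported, regardless of the filtering level
ATTACK_PATTERNS = [r"sshd\[[0-9]+\]: Failed password for invalid user"]
SECURITY_PATTERNS = [r"sshd\[[0-9]+\]: Accepted", r"su\[[0-9]+\]: Successful su"]

# Ignore rules per level. Each level inherits the rules of the stricter
# levels before it, so workstation = paranoid + server + its own rules.
LEVEL_ORDER = ["paranoid", "server", "workstation"]
IGNORE_RULES = {
    "paranoid": [r"CRON\[[0-9]+\]: \(root\) CMD"],
    "server": [r"postfix/smtpd\[[0-9]+\]: connect from",
               r"named\[[0-9]+\]: client .* denied"],
    "workstation": [r"kernel: .* usb [0-9-]+: new .* device"],
}


def ignore_rules_for(level):
    """Compile the cumulative ignore rules for a level."""
    if level not in LEVEL_ORDER:
        raise ValueError(f"unknown level {level!r}")
    rules = []
    for lvl in LEVEL_ORDER[: LEVEL_ORDER.index(level) + 1]:
        rules.extend(IGNORE_RULES[lvl])
    return [re.compile(r) for r in rules]


def classify(lines, level="server"):
    """Sort log lines into attack alerts, security events and system events.

    Attack and security patterns are checked before the ignore rules, so the
    filtering level only controls how much system-event noise is reported.
    """
    ignore = ignore_rules_for(level)
    attack = [re.compile(r) for r in ATTACK_PATTERNS]
    security = [re.compile(r) for r in SECURITY_PATTERNS]
    report = {"attack": [], "security": [], "system": []}
    for line in lines:
        if any(r.search(line) for r in attack):
            report["attack"].append(line)
        elif any(r.search(line) for r in security):
            report["security"].append(line)
        elif not any(r.search(line) for r in ignore):
            report["system"].append(line)
    return report


if __name__ == "__main__":
    for level in LEVEL_ORDER:
        report = classify(SAMPLE_LOG.splitlines(), level)
        print(level, {k: len(v) for k, v in report.items()})
```

Run against the sample, the paranoid level reports three system events, server one (the USB message) and workstation none, while the failed login and the two successful authentications are reported at every level. That ordering is the point to preserve when writing your own rules: an over-broad ignore pattern must never be able to swallow an attack alert.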

#4 Logwatch

Logwatch is a Linux/Unix system logfile analyzer and reporter that is easy to customize: a System Administrator can add plugins and write custom scripts for specific logging needs.

It reviews the system logfiles for a given period of time and generates a report on the system areas you want information about. It is easy to use for new System Administrators, and it works on most Linux distributions and many Unix systems.
The cons of Logwatch:
- Logwatch is available for Linux only
- Installation and configuration is difficult (Linux experts only)
- Logwatch does not provide real-time alerts; it is run manually or by a cronjob
- Filtering logic is encoded directly in each Perl script (one script per daemon), so knowing the Perl language is a must for configuring filters
- Timespan specification is pretty complex
- The program is abandonware: most scripts are outdated and code maintenance efforts are very limited.

#5 Logstash

Logstash is an open source data collection and logging system available on Linux that is capable of real-time pipelining. It was originally designed for data collection, but newer versions integrate several other capabilities, such as support for a wide range of input data formats, filtering, and output plugins and formats.

It can unify data from various log source systems and normalize it into targets of the System Administrator's choice. Logstash also lets System Administrators cleanse, compare and standardize all their logging data for advanced analytics and visualization use cases.
The cons of Logstash:
- Since Logstash is essentially a stack, you're dealing with three different products, which also makes extensibility complex.
- Logstash filters are written in Ruby, Kibana is pure JavaScript and Elasticsearch has its own REST API as well as JSON templates.
- When you move to production, you'll also need to separate the three onto different machines, which adds to the complexity.
- Logstash does not come bundled with a UI; to visualize data you need a tool such as Kibana or Grafana
- Simple filters seem easy enough with a pattern like %{SYNTAX:SEMANTIC}, but often RegEx is required. RegEx is a powerful backdoor, but it is also dense and hard to learn
- Logstash does not have any native alerting capabilities
- You have to host and maintain it yourself. This can be a challenge as log volume increases.
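The %{SYNTAX:SEMANTIC} notation mentioned in the cons is that of Logstash's grok filter, and the following Python is an added example (written for this page, not Logstash's or grok's own code) of what such a filter does: each token is expanded into a named regex group, and everything between the tokens is passed through as a regular expression. The base patterns in `BASE_PATTERNS` are simplified stand-ins for the real grok definitions, and the access-log lines and the `ACCESS_PATTERN` are constructed for this example.

```python
import re

# Base patterns in the style of Logstash's grok library. These are written for
# this example and are simpler than the real grok definitions.
BASE_PATTERNS = {
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "WORD": r"\w+",
    "NUMBER": r"-?\d+(?:\.\d+)?",
    "URIPATH": r"/[^\s?]*",
    "HTTPDATE": r"\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "GREEDYDATA": r".*",
}

# Matches %{SYNTAX} or %{SYNTAX:SEMANTIC}
TOKEN = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def compile_grok(pattern):
    """Expand %{SYNTAX:SEMANTIC} tokens into a compiled regex with named groups.

    Text outside the tokens is passed through as regex, which is why the
    literal brackets in ACCESS_PATTERN below have to be escaped: as soon as
    a line deviates from the simple tokens, plain regex is back.
    """
    def expand(match):
        syntax, semantic = match.group(1), match.group(2)
        if syntax not in BASE_PATTERNS:
            raise ValueError(f"unknown grok pattern {syntax!r}")
        base = BASE_PATTERNS[syntax]
        return f"(?P<{semantic}>{base})" if semantic else f"(?:{base})"
    return re.compile(TOKEN.sub(expand, pattern))


def parse_line(compiled, line):
    """Return the captured fields, or None when the line does not match
    (Logstash would tag such an event with _grokparsefailure)."""
    m = compiled.match(line)
    return m.groupdict() if m else None


# Constructed access-log lines (not from the page); the third is deliberately malformed
SAMPLE_LINES = [
    '192.0.2.10 - - [24/Aug/2017:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [24/Aug/2017:10:00:09 +0000] "POST /login HTTP/1.1" 401 0',
    'this line is not an access log entry',
]

# Constructed grok pattern for the lines above
ACCESS_PATTERN = (r'%{IP:client} - - \[%{HTTPDATE:timestamp}\] '
                  r'"%{WORD:method} %{URIPATH:request} HTTP/%{NUMBER:httpversion}" '
                  r'%{NUMBER:status} %{NUMBER:bytes}')


def parse_access_log(lines):
    """Parse a list of lines with ACCESS_PATTERN; unmatched lines yield None."""
    compiled = compile_grok(ACCESS_PATTERN)
    return [parse_line(compiled, line) for line in lines]


if __name__ == "__main__":
    for fields in parse_access_log(SAMPLE_LINES):
        print(fields)
```

The third sample line shows the failure mode worth monitoring in production: a line that does not match produces no fields at all rather than partial ones, so counting parse failures (Logstash's `_grokparsefailure` tag) is the cheapest way to notice that a log format changed and your detections have gone blind.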
