> Hi
>
> I am using rsyslog to get logs to a central box and they are stored in the
> format of
>
> /<hostname>/<year>/<month>/<day>/<logfilename>
>
> I need a solution that can trawl through these directories and pick up
> exceptions like failed logons and sudo usage that sort of thing.
>
> Has anyone got any clues as to what might help to achieve this, I am
> looking
> into logsurfer but not sure if this handles the directory structure
> nicely.
>
> thanks for any tips
Good question.
How many servers do you have to collect logs from?
I'd like to hear of people who have used both Splunk and/or prelude in an
environment with, say, 500<x<1000 servers, for collection of logs and can
voice a few opinions.
The problem, as the author recognizes, is not collection but retrieval and
processing (a cron-job that deletes them periodically does not qualify as
"processing"...).
Rainer
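As an added illustration of the "processing" half the thread is talking about (example code, not from either poster nor from logsurfer, Splunk or prelude): a small Python scanner that walks the `/<hostname>/<year>/<month>/<day>/<logfilename>` layout from the original question and pulls out the two event classes it names, failed logons and sudo usage. The message formats matched are assumed to be the usual OpenSSH "Failed password for ..." and sudo "... COMMAND=..." lines; the sample log tree it builds in a temporary directory is constructed for the example, and the hostnames, addresses and users in it are made up.

```python
import os
import re
import tempfile
from collections import Counter

# Assumed syslog message formats (OpenSSH and sudo); adjust to your daemons' actual text.
PATTERNS = {
    "failed_logon": re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<source>\S+)"),
    "sudo": re.compile(r"sudo:\s+(?P<user>\S+) : .*COMMAND=(?P<command>.*)$"),
}


def scan_file(path, host, date):
    """Return one event dict per matching line in a single log file."""
    events = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            for kind, pattern in PATTERNS.items():
                match = pattern.search(line)
                if match:
                    event = {"host": host, "date": date, "kind": kind, "line": line.rstrip()}
                    event.update(match.groupdict())
                    events.append(event)
                    break  # one classification per line is enough
    return events


def scan_tree(root):
    """Walk root/<hostname>/<year>/<month>/<day>/<logfile> and collect events.

    Files that do not sit at exactly that depth (stray READMEs, partial
    directories) are skipped rather than guessed at.
    """
    events = []
    for dirpath, _dirnames, filenames in os.walk(root):
        parts = os.path.relpath(dirpath, root).split(os.sep)
        if len(parts) != 4:
            continue
        host, year, month, day = parts
        date = f"{year}-{month}-{day}"
        for name in sorted(filenames):
            events.extend(scan_file(os.path.join(dirpath, name), host, date))
    return events


def summarize(events):
    """Count events per (host, kind); a cheap first view before anything fancier."""
    return Counter((e["host"], e["kind"]) for e in events)


def failed_logons_by_source(events):
    """Count failed logons per (host, source address) to spot repeated attempts."""
    return Counter((e["host"], e["source"]) for e in events if e["kind"] == "failed_logon")


def build_sample_tree():
    """Create a constructed log tree in a temp dir and return its root (sample data only)."""
    root = tempfile.mkdtemp(prefix="rsyslog-tree-")
    samples = {
        ("web01", "2024", "01", "15", "auth.log"): [
            "Jan 15 10:01:02 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4321 ssh2",
            "Jan 15 10:01:05 web01 sshd[1234]: Accepted password for alice from 198.51.100.7 port 5555 ssh2",
            "Jan 15 10:02:00 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update",
        ],
        ("db01", "2024", "01", "15", "secure"): [
            "Jan 15 11:00:00 db01 sshd[99]: Failed password for root from 203.0.113.5 port 1111 ssh2",
            "Jan 15 11:00:03 db01 sshd[99]: Failed password for root from 203.0.113.5 port 1112 ssh2",
        ],
    }
    for (host, year, month, day, name), lines in samples.items():
        directory = os.path.join(root, host, year, month, day)
        os.makedirs(directory, exist_ok=True)
        with open(os.path.join(directory, name), "w", encoding="utf-8") as fh:
            fh.write("\n".join(lines) + "\n")
    # A file at the wrong depth, to show the walker ignores it.
    with open(os.path.join(root, "README"), "w", encoding="utf-8") as fh:
        fh.write("Failed password for nobody from 192.0.2.1\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    found = scan_tree(root)
    for event in found:
        print(event["date"], event["host"], event["kind"], event["line"])
    print(summarize(found))
    print(failed_logons_by_source(found))
```

Run against the real tree by replacing `build_sample_tree()` with the rsyslog root; the per-source counter is where a threshold (N failures from one address inside a window) would hang if you want alerting rather than a daily report.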