syslog Replacements (UNIX)

syslog-ng

syslog-ng Frequently Asked Questions

Encrypting traffic to a remote syslog-ng server including SSL peer authentication

Sample chapter from "Building Secure Servers With Linux" (O’Reilly and Associates) covering syslog-ng

Building a central loghost with syslog-ng

Nate Campi’s sample syslog-ng configuration file
Nate Campi’s sample syslog-ng config for Solaris

syslog-ng configuration file from FateLabs
Sample configuration for syslog-ng central loghost
Sample configuration for a syslog-ng client system
San Diego SuperComputer Center syslog
minirsyslogd - Mikael Olsson’s minimal log server, designed to handle high volumes of syslog traffic from remote devices. Runs under any UNIX, and includes the facility and level tags in the messages it receives. New version released October 2003.
idsa - an experimental reference monitor, logger and IDS. The log implementation includes verification of system information (such as PIDs), rather than assuming that an application will log the correct information; built in quotas and rotation mechanisms; structured log message formats; and granular filtering capability. The software is licensed under the (L)GPL and includes a syslogd implementation. Marc Welz maintains the package.
Modular syslog: a syslog replacement that includes data integrity checks, easy database integration, and output redirection using regular expressions.
Do you Trust your System Logs?: a layman’s description of the integrity checks used by the Modular syslog package, as well as tips on integration.

nsyslog: nsyslog supports TCP connections for log transfer, and with SSL allows for encrypted delivery of syslog messages across the network. Contact Darren Reed for more information.

Flexible Logging: OSSP l2 - [From the abstract] OSSP l2 is a C library providing a very flexible and sophisticated Unix logging facility. It is based on the model of arbitrary number of channels, stacked together in a
top-down data flow tree structure with filtering channels in internal nodes and output channels on the leaf nodes.

sysklogd The sysklogd package implements two system log daemons. The syslogd daemon is the general system logging daemon which is responsible for handling requests for syslog services. This version of syslogd is similar to the standard Berkeley product but with a number of compatible extensions. The klogd daemon runs either standalone or as a client of syslogd. Klogd ‘listens’ to kernel log messages, prioritizes them, and routes them to either output files or to syslogd.

Secure syslog tools

socklog: Gerrit Pape’s small, secure replacement for syslog.

algr: a reliable, robust and high performance event logging mechanism.

Snare: An audit event collection, analysis, reporting and archive service, and security ‘agents’ for multiple operating systems and applications.

multilog: Dan Bernstein’s high performance, high reliability local replacement for syslog

Jeff Saxe’s intro to multilog

Background & Standards

Logging Infrastructure

Data Analysis

Resources

syslog Replacements (UNIX)