KWLUG Meeting: Monday, August 10 2009

Syslog servers and log parsing

NOTE: This meeting is scheduled to be held at the Huether Hotel in Waterloo. It will be held in the Huether boardroom, which is on the third floor of the building (go up to the second floor, through the bar and up one more flight of stairs).

Computers generate a lot of logs. Sometimes the logfiles contain useful information or warnings about your computers, routers, printers and other devices on your network. Reading and understanding all those logs can quickly get overwhelming, but a syslog server can help.

In this presentation Paul will discuss his experiences setting up a syslog server using rsyslog, tenshi and SysLogAgent:

  • rsyslog is an update to the syslog daemon that is packaged by default in Fedora, Debian and Ubuntu
  • tenshi is a log analysis and summarization program
  • SysLogAgent allows you to read logfiles and events from Windows machines and send them to a syslog server

The presentation will cover the principles of syslog servers, some tricks for configuring and debugging them, and some limitations and "future work".

UPDATE: Here are the slides (in PDF format) and slide sources (in LaTeX format) used for the presentation.