Free syslog software for linux

A utility for feeding log messages from syslog-ng into a database.
Main features:
- Written in C#, tested with Mono 1.1.7/1.1.8 and syslog-ng 1.6.x
- Set to work with PGSQL and MySQL, but can be easily extended to use other databases (like Oracle or MS SQL or even an embedded DB)
- Only works with the default syslog template
- Supports a buffered mode so that if DB writes take a while, it will not block on reading the log information

Linksys Syslog captures the snmp trap messages from a Linksys router and saves these to syslog. This daemon is very small robust and it does its job.

Ive gotten this router from a customer/partner DH computers to look at the VPN capabilities. Eventhough these broadband routers are small and cheap their VPN cabalities are okay. Its certainly not a Cisco PIX, but then again the Linksys costs 4 times less. The Linksys is very usable for the SOHO market and with no effort at all you can configure this device as a xDSL/Cable router.

After having looked at the specs I wanted to return this device to our customer/partner he told me that he gave it to me and if I didnt find a use for it that the company I worked for IT=it could keep it. So I decided to use this device because it has a 4 ports 100Mb/sec switch and I was still working on a 16 port hub at home.

After having updated the firmware to properly support MXSTREAM/PPTP I configured the router. But I wanted to setup logging for all in and outgoing traffic the way that I also had with my FreeBSD ipfw and ipf firewall. So I switched on Logging to my FreeBSD box. It struck me that I couldnt set the syslog facility and warning level, so it didnt seem like syslog. A quick snif with tcpdump revealed that the Linksys uses snmptrap to send the log requests. I used Ethereal to look in the packet to determine the layout of the snmptrap packet. The first 73 bytes are control data telling how large the payload, snmp version, etc. So I decided to only focus on the data from char 73 to the rest of the packet.

The program is very simple and straight forward. A UDP socket is opened and bound to port 162, the snmptrap port. The program goes in a loop and waits for data to be read; the programming works blocking. When data is in the read buffer the data is parsed by setting the string pointer to the 73 character. It is then being send to the syslog using syslog(), for the BSD version I used the SECURITY facility, for the non-BSD I use the DAEMON facility. The server is not multi client, which is not necesarry for this application. The handling is done so fast that theres no need for forking new processes or spawning threads. And since it is UDP we will not have to handle an accepts asynchronously to the actual client handler any way, data is being send and stored in the receive buffer by the IP stack.

Rsyslog is a FREE software, GPL lincesed enhanced syslogd. Among others, it offers support for MySQL and fully configurable output formats (including great timestamps). Rsyslog was initiated by Rainer Gerhards. It has been forked from the sysklogd standard package.
The goal of the rsyslog project is to provide a more configurable and reliable syslog deamon. By "reliable", we mean support for reliable transmission modes like TCP or RFC 3195 (syslog-reliable). We do NOT imply that the sysklogd package is unreliable.
In fact, the opposite is the case and we assume that for the time being the well-used sysklogd package offers better program reliability than our brand-new modifications to it.
The name "rsyslog" stems back to the planned support for syslog-reliable. Ironically, the initial release of rsyslog does NEITHER support syslog-reliable NOR tcp based syslog. Instead, it contains enhanced configurability and other enhancements (like database support).
The reason for this is that full support for RFC 3195 would require even more changes and especially fundamental architectural changes. Also, questions asked on the loganalysis list and at other places indicated that RFC3195 is NOT a prime priority for users, but rather better control over the output format.
So here we are, with a rsyslod that covers a lot of enhancements, but not a single one of these that made its name
The next enhancement scheduled is support for the new syslog-protocol internet draft format, not the least to see how easy/complicated it is to implement. We already know that some subleties of syslog-protocol will require at least one considerable architectural change to the syslogd and this might delay things a little.
Our immediate goal is to receive feedback and get the bugs out of the current release. Only after that we intend to advance the code and introduce new features.
Whats New in 1.19.1 Development Release:
- a bug that caused a high load when a TCP/UDP connection was closed is fixed now - Thanks mildew for solving this issue
- fixed a bug which caused a segfault on reinit - Thx varmojfekoj for the patch
- changed the hardcoded module path "/lib/rsyslog" to $(pkglibdir) in order to avoid trouble e.g. on 64 bit platforms (/lib64) - many thanks Peter Vrabec and darix, both provided a patch for solving this issue
- enhanced the unloading of modules - thanks again varmojfekoj
- applied a patch from varmojfekoj which fixes various little things in MySQL output module

Andutteye Software Suite is a systems management tool. Andutteye Software Suite has a modular design and every module targets different tasks of systems management.
Andutteye Software Suite will let you manage all aspects of the IT infrastructure, helping to ensure availability, monitor, tune, and optimize performance.
Andutteye Software Suite will make it easier to support and maintain your entire enterprise as a single entity from a central point of operation.
The webinterface has oustanding features like:
- css stylesheet and theme support
- Language support
- Support and complete integration for monitoring, management and change module
- Role based access control to aes objects
- Centralized configuration administration for monitoring and management
- Tweak and present aes gathered data with graphs or reports
- Rss syndication support

hslogger is a logging framework for Haskell, roughly similar to Pythons logging module. The project lets each log message have a priority and source be associated with it.
The programmer can then define global handlers that route or filter messages based on the priority and source. hslogger also has a syslog handler built in.
Main features:
- Each log message has a priority and a source associated with it
- Multiple log writers can be on the system
- Configurable global actions based on priority and source
- Extensible log writers (handlers)
- Default handlers that write to the console, file handles, or syslog
- Easy to use operation

Rxlogd is a receive-only syslog server (collector) that can coexist with sysklogd. The project features simplicity, ease of use and a built-in dns cache for high performance.
An example logrotate configuration file is provided.
The intended audience is users of enterprise systems stuck with sysklogd or administrators who dont need more complex syslog server solutions.
Written in Python, rxlogd is architecture-independent. It was tested on i386 and x86_64.
No extra libraries are required.
Usage:
- Install the RPM or the sources from the download page on the machine intended to store syslog for others.
- Red Hat users can simply install the RPM and enjoy the defaults: logs will be stored in /var/log/remote (which will be created for you) and the daemon will run as user nobody. Also, logrotate will rotate 5 copies of your logfiles in that directory.
- Optionally, edit /etc/sysconfig/rxlogd for username to run as (examples are provided). Edit /etc/logrotate.d/rxlogd to change log rotation/retention parameters and to update changes made to the config file.
- Refer to the syslog documentation on how to configure the clients (the machines which will send syslog to your server).
Enhancements:
- Logrotate now uses a separate directory to store old logs in, fixing a bug.
- Minor cosmetic changes to init script.

Log4c is a library of C for flexible logging to files, syslog and other destinations. The project is modeled after the Log for Java library, staying as close to their API as is reasonable. Here is a short introduction to Log4j which describes the API, and design rationale.
Mark Mendel started a parallel log4c projet with a different philosophy. The design is macro oriented, so much lighter and faster which perfect for kernel development.
Supported Platforms:
- HP-UX release 11.00
- Tru 64 release 4.0F and 5.1
- Red Hat Linux Intel release 7.x, 8, 9
- Red Hat Enterprise Linux 3, 4
- Solaris Intel release 8, 9, 10
- FreeBSD 6.1-RELEASE
- AIX 5.3 (witk xlc compiler)
- Mac OS X
- Windows X

LooperNG is an intelligent event routing daemon. Primarily used for Network Management, this application can be used to accomplish a variety of tasks related to logging and alerting.
It is a modularised, rules-based event routing system that is flexible and easy to use. It is primarily deployed by network / security management groups as a central event gateway or an SNMP trap collection and forwarding station.
LooperNG events can be in the form of SNMP traps, Syslog Alerts, lines in a Log File, Sockets etc. Events can be received and generated such that an event can arrive in one form (e.g., SNMP) and forwarded in another form (e.g., Syslog). LooperNG can also receive events from systems like Nagios, Snort, Mon etc. and forward to other systems like a MySQL database, Netcool/OMNIbus, or just send an e-mail. Modules for new types of events can be easily written.
LooperNG was designed to improve on some of the limitations Looper (muthanna.com/looper). It is built completely from scratch with a cleaner more scalable architecture and is based on the Perl language.
Main features:
- SNMP Trap forwarding, exploding and rewriting (enhancing).
- Event generation for demos, debugging, troubleshooting etc.
- Event Enrichment and Escalation.
- Intelligent routing, rerouting and processing of events and alerts.
- Monitoring logfiles, syslog events, intrusion events etc.
- Forwarding alert history to databases, logfiles etc.
- Used as ad-hoc Netcool Probes.
- Used to replace HP Openview NNMs trap collection features.
- Centralize alerts in a LooperDB database.