
Current Version: 0.85beta
Logcorr started as a small script to consolidate the thousands of syslog messages I receive, many of which carry the same information in slightly different forms, into single entries. That way I can look for patterns across the different servers feeding my one syslog server. With the worms going around, my firewall also sends hundreds of entries for a single scan; once those are consolidated I get more of a bird's-eye view of what is going on.

It can now do much more:
  • Database support - everything goes through a MySQL database: correlated events, correlation rules, settings, multiple users and alert rules.
  • Merging of different syslog messages based on regular expressions, source machine, IP addresses found in the message, port numbers, protocol, and even how closely the messages resemble each other. This makes watching firewall logs or file-modification trails practical. In my test environment I've consolidated 200,000 syslog messages down to a workable 500; your mileage will vary depending on how you configure the consolidation rules. Or you can leave messages listed singly and still take advantage of the notifications and color coding.
  • Regular-expression filtering of displayed messages. If you don't want to look at backup-job messages, filter them out with a regular expression and see everything else. I'm thinking about adding the ability to save display settings per user in the database too.
  • Color coding of messages based on severity levels. You define your own severity levels and what it takes to match them, then assign each level a color to display on screen.
  • Alerting to several different destinations. Right now only email is implemented. Planned are SNMP traps, Windows popups, Novell popups, playing a sound on the server, instant messages to MSN/AIM/ICQ, and running scripts; more could be added easily. Alerts also fire only once per correlated message: you won't get paged 5,000 times for invalid login attempts by a user against your server, just once, if those messages are correlated together into one. One idea is to run a script automatically to repair servers, or to email a helpdesk system automatically to open a trouble ticket. Think self-healing networks!
  • Multiple users with password protection. Time permitting, I might add different access levels and control over which messages each user can see.
  • Totally web based; no client is required beyond a browser.
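The merge-by-key, similarity merge, display filter, severity coloring and alert-once behaviour from the list above, shown as an added Python illustration. This is not Logcorr's own code (Logcorr keeps rules and events in MySQL behind a web front end; this keeps everything in memory), and the syslog lines, rule name, regexes, severity levels, colors and the 0.9 similarity threshold are all constructed for the example rather than taken from the project's rule format.

```python
import re
from dataclasses import dataclass
from difflib import SequenceMatcher

# Constructed sample input, not real logs: a TCP/135 sweep from one host, a second
# scanner on UDP/1434, two SSH failures differing only in PID/port, and backup noise.
SAMPLE_LOG = """\
Jul 28 10:01:02 fw1 kernel: DROP IN=eth0 SRC=10.0.0.7 DST=192.168.1.10 PROTO=TCP DPT=135
Jul 28 10:01:02 fw1 kernel: DROP IN=eth0 SRC=10.0.0.7 DST=192.168.1.11 PROTO=TCP DPT=135
Jul 28 10:01:03 fw1 kernel: DROP IN=eth0 SRC=10.0.0.7 DST=192.168.1.12 PROTO=TCP DPT=135
Jul 28 10:01:05 fw1 kernel: DROP IN=eth0 SRC=10.0.0.9 DST=192.168.1.10 PROTO=UDP DPT=1434
Jul 28 10:02:10 srv2 sshd[512]: Failed password for invalid user admin from 172.16.5.5 port 40022 ssh2
Jul 28 10:02:11 srv2 sshd[513]: Failed password for invalid user admin from 172.16.5.5 port 40023 ssh2
Jul 28 10:03:00 srv3 backup[77]: nightly backup job finished
"""
# BSD syslog header: timestamp, source host, free-form message.
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

@dataclass
class MergeRule:
    name: str
    pattern: re.Pattern   # named groups extract fields from the message
    key_fields: tuple     # groups that must be equal for two lines to merge

# Hypothetical rule: key on (host, scanner IP, protocol, port) and deliberately
# leave DST out, so a sweep across many targets collapses into one event.
MERGE_RULES = [
    MergeRule("fw-drop",
              re.compile(r"DROP IN=\S+ SRC=(?P<src>[\d.]+) DST=[\d.]+ "
                         r"PROTO=(?P<proto>\w+) DPT=(?P<dpt>\d+)"),
              ("src", "proto", "dpt")),
]

# Operator-defined severity levels, first match wins: (name, pattern, colour).
SEVERITY_LEVELS = [
    ("critical", re.compile(r"invalid user|DPT=1434"), "red"),
    ("warning", re.compile(r"DROP"), "yellow"),
]
ALERT_ON = {"critical", "warning"}   # severities that trigger a notification
FUZZY_THRESHOLD = 0.9                # minimum difflib ratio to merge rule-less lines

@dataclass
class Event:
    host: str
    key: tuple            # (rule, host, *key fields) or ("fuzzy", host, text)
    first_seen: str
    last_seen: str
    sample: str           # text of the first line that created the event
    severity: str
    color: str
    count: int = 1

def classify(msg):
    for name, pat, color in SEVERITY_LEVELS:
        if pat.search(msg):
            return name, color
    return "info", "green"

def correlate(log_text, exclude=None, rules=MERGE_RULES):
    """Return (events, alerts): events in first-seen order, one alert per event in ALERT_ON."""
    exclude_re = re.compile(exclude) if exclude else None
    events = {}   # key -> Event
    fuzzy = []    # rule-less events, candidates for similarity merging
    alerts = []

    def new_event(key, host, ts, msg):
        sev, color = classify(msg)
        ev = Event(host, key, ts, ts, msg, sev, color)
        events[key] = ev
        if sev in ALERT_ON:
            alerts.append(f"{sev}: {host}: {msg}")   # fires once, on creation, never per line
        return ev

    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        ts, host, msg = m.group("ts", "host", "msg")
        if exclude_re and exclude_re.search(msg):
            continue          # display filter: hide what you don't want to see
        for rule in rules:
            rm = rule.pattern.search(msg)
            if rm:
                key = (rule.name, host) + tuple(rm.group(f) for f in rule.key_fields)
                ev = events.get(key)
                if ev is None:
                    new_event(key, host, ts, msg)
                else:
                    ev.count += 1
                    ev.last_seen = ts
                break
        else:
            # No rule matched: merge with an earlier rule-less event from the same host
            # when the texts are nearly identical, otherwise list the line singly.
            for ev in fuzzy:
                if ev.host == host and SequenceMatcher(None, ev.sample, msg).ratio() >= FUZZY_THRESHOLD:
                    ev.count += 1
                    ev.last_seen = ts
                    break
            else:
                fuzzy.append(new_event(("fuzzy", host, msg), host, ts, msg))
    return list(events.values()), alerts
```

Calling `correlate(SAMPLE_LOG, exclude=r"backup")` turns the seven constructed lines into three events: the three TCP/135 drops become one yellow "warning" event with a count of 3, the UDP/1434 drop stands alone as "critical", and the two SSH failures (which no rule covers) merge because their text is 97% similar. Three alerts go out, one per event, instead of six. The similarity threshold is the knob to watch: set it too low and unrelated messages from one host start merging, which hides the thing you were looking for.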

Update 7/28/2004: Some bug fixes in 0.85, plus performance enhancements for when your log system has more coming in than it can process in time. Also added in CVS is a Netvision NVMonitor extra that pulls data from that product's MySQL database into syslog so Logcorr can work with it.