Wednesday, March 5, 2008

SYSLOG Options for Unix and Windows

Many companies are trying to standardize SYSLOG formats for long term retention, search and regulation compliance. Yes - regulation compliance. In some cases, SYSLOG data from servers and network devices may be required to be saved for compliance with regulations such as Sarbanes-Oxley.

Here are two great options for SYSLOG replacements/enhancements.

Unix -

SYSLOG-NG is an open source syslogd replacement for Unix and Linux. It allows you to do regular expression matching, send to multiple destinations, and even invoke another program to do something with the data.
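As an added example that is not part of the original post, here is a syslog-ng configuration (3.x syntax, assumed) showing the three features just named: a regular-expression filter, multiple destinations for one source, and handing matching messages to an external program. The archive path, the 192.0.2.10 forwarding address and alert.sh are placeholders.

```conf
# Added example (not from the original post): a syslog-ng 3.x style
# collector configuration. Placeholder values: the archive path,
# the 192.0.2.10 forward address and /usr/local/bin/alert.sh.
@version: 3.0

# Receive syslog from servers and network devices on UDP/514.
source s_net { udp(ip(0.0.0.0) port(514)); };

# Long-term archive: one file per host per day, directories created as needed.
destination d_archive {
    file("/var/log/archive/$HOST/$YEAR-$MONTH-$DAY.log" create_dirs(yes));
};

# Second copy to another collector (for example a Windows Kiwi Syslog host).
destination d_forward { udp("192.0.2.10" port(514)); };

# Hand selected messages to an external program on its stdin.
destination d_alert { program("/usr/local/bin/alert.sh"); };

# Regular-expression filter: authentication failures only.
filter f_authfail {
    facility(auth, authpriv)
    and match("Failed password|authentication failure" value("MESSAGE"));
};

# Every message goes to both the archive and the second collector...
log { source(s_net); destination(d_archive); destination(d_forward); };

# ...and only the filter matches are passed to the alert program.
log { source(s_net); filter(f_authfail); destination(d_alert); };
```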

Windows -

Kiwi Syslog is freeware (at last look) that will run on a Windows server and listen for SYSLOG traffic. Once the syslog data is received, it rolls a new file daily and does some simple reporting. This would allow you to create a Windows-based SYSLOG collector.

The free version does not take the Windows event log and turn it into SYSLOG; you would need something like Event Reporter to do that. Event Reporter gets installed on every Windows server that you want to collect Event Viewer data from and sends it to a SYSLOG collector.

Before you embark on any long term storage project for SYSLOG data, remember to build a scalable solution. The storage requirements will grow exponentially into the terabytes.
