Logsurfer- Tool for Observing log files

It is really difficult for a system administrator to manually monitoring and analyzing  a log files to find any unusual activity.The collected log messages in log file which consists of thousands of lines could analysed easily only with help of a good management  software. So here we are trying to find out how logsurfer is making difference  in  system admin’s job to narrow down unusual activities.

Logsurfer is a program for monitoring system logs in real-time ,and reporting on the occurrence of events.Logsurfer is capable of grouping informations together to enhance loganalysis and create automatic reports.Logsurfer examines messages in a log file in terms of how they relate to other messages.It also capable of changing ruleset at runtime.Logsurfer can be used to detect unusual and security events before they develop into serious issues.
Most important thing is Logsurfer can be tweaked and tuned to only send a single alert containing all of the relevent informations rather than sending huge number of mail alerts.So no need to worry about spamming your inbox like other tools does.

Features of Logsurfer (From Logsurfer website)

• Works on any textfile (or text from standard input)
• Matching of lines is done by two regular expression (logline must match the first expression but must not match the optional second regular expression). So you are able to specify exceptions.
• Uses contexts (collection of messages) instead single lines
• Flexible but easy configuration
• Timeouts and resource limits included
• Handles “shifting” of logfiles (just send a -HUP signal to close and reopen the logfile after you have moved the old one to another place and created a new one)
• Dynamic rules can change the actions associated with log messages (something might happen that makes you interested in messages you would usually drop)
• Multiple reactions on one logline possible
• Portable written C-code (uses GNU regex library and autoconfigure)

Download