Here is a tool I find invaluable if you are overloaded with tons of data about your IT systems but can’t get any real information. Splunk allows you to centrally collect and index all text-based data such as syslog and windows event logs, router config files, security data (firewall & IDS), and network management events. You can then search, group, and consolidate that data to make it easier to find out what’s really going on.

In their own words:
Splunk is “the IT Search Engine that indexes and lets you search, navigate, alert, and report on IT data from any application, server, or network device. Securely access logs, configurations, scripts and code, message, traps and alerts, activity reports, stack traces and metrics across thousands of components, from one place, all in real time.”

With a free Splunk license you can index up to 500 MB/day. The commercial version allows distributed searching, which I find really useful, but if you only need one Splunk server then that shouldn’t matter.

Splunk - funny name; great open source tool…