Earlier this year I was tasked with creating a central logging server within our domain environment. The idea is to have all of our servers' logs forwarded to one central server that stores, parses, and archives them. Through research, I found many different solutions. One of the best happened to be the ELK stack by Elastic. Although that solution is very polished and offers heavy-duty log parsing, I decided to take a simpler route. I eventually stumbled across nxlog, a small application that runs as a service, reads logs from a source, and forwards them to a destination of your choosing.
Once I had nxlog configured to ship logs to my central logging server, I went searching for a solid product that would display these logs and manage them automatically. I came across Kiwi Syslog Server by SolarWinds, which worked perfectly for my task. The program is, unfortunately, a paid product, but it does the heavy lifting: it stores all the syslog traffic, archives and compresses old logs, and sends notifications by email, text message, or SNMP. Within a couple of hours of designing and configuring this project, I had everything in place and no longer needed to worry about my logs.
Please note that this guide is written for Windows machines only.
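To make the nxlog role described above concrete, here is a minimal nxlog Community Edition configuration for a Windows host that reads the Application, System, and Security event logs and forwards them as BSD-syslog messages over TCP to the central server. This is an added example, not the configuration from the original post or from the nxlog project; the install path and the server address `192.0.2.10` are placeholders you would replace with your own values.

```apacheconf
## Added example: nxlog CE on a Windows server, shipping Event Log to a central syslog collector.
## %ROOT% assumes the default 32-bit nxlog CE install path; adjust if yours differs.
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

## Provides to_syslog_bsd() so Kiwi (or any syslog collector) can parse the messages.
<Extension syslog>
    Module xm_syslog
</Extension>

## Read the Windows Event Log. The query limits collection to the three channels
## that matter most for a central log archive; add channels as needed.
<Input eventlog>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Application">*</Select>
                <Select Path="System">*</Select>
                <Select Path="Security">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

## Forward over TCP rather than UDP so events are not silently dropped under load.
## 192.0.2.10 is a placeholder for the central logging server.
<Output kiwi>
    Module om_tcp
    Host   192.0.2.10
    Port   514
    Exec   to_syslog_bsd();
</Output>

## Wire the input to the output.
<Route eventlog_to_kiwi>
    Path eventlog => kiwi
</Route>
```

Save this as `nxlog.conf` in the `conf` directory, restart the nxlog service, and check `%ROOT%\data\nxlog.log` for connection errors. The Kiwi side must be configured to listen on TCP 514 for this to work; if you prefer UDP, swap `om_tcp` for `om_udp` and accept that lost packets are not retransmitted.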
Continue reading “Creating a Central Logging Server with Nxlog and Kiwi Syslog”