What do you guys use to collect syslogs?

The syslog functionality of my server is very basic. It can only receive the message, look at the facility number, and make a decision to alert us or not (based on the facility we configure it to alert on). It can't analyze the syslogs and trigger emails based on the message content, which is what I'd like.

Example: Facility 4 (or 3) include duplex mismatch and link up/down alerts. Well, I really don't care if there's a duplex mismatch between an IP phone and a switch, or if a workstation is unplugged...but I do care if those events occur to a server or router.

Thanks

We just started using it for some server functions, but I know it can do more. Check out Splunk.

Outside of that I normally just use kiwi syslog. Not as granular as you probably want

We use Solarwinds LEM. It's really powerful but you're going to pay dearly.

Im building a solarwinds NMS and syslog is doing alright. I might need to spends more time with it to tweak. In the past i have always been very happy with Zenoss, but its a full blow NMS and might be overkill for just needing syslog monitoring.

_________________
http://blog.movingonesandzeros.net/

I'm surprised no-one has posted about Logzilla - http://www.logzilla.pro/
There's an interesting read on syslogging amongst the documents for Cisco Live London 2012 as well if anyone's curious.

I am! do you have a link?

_________________
http://blog.movingonesandzeros.net/

Linux - syslogd/syslogng
Windows - Kiwi (free and more robust than SolarWinds syslog module), else Splunk (expensive).

If you already have the SolarWinds NMS, then it makes sense to integrate your syslogs with that whole package.

Sure thing dude.
https://www.dropbox.com/s/v1zglvg0higs7 ... S-2031.pdf
I'd link you to in on the ciscolive365 site, but that thing's a ballache. Can't promise how long my dropbox link will stay alive for, so download it before I go off on a mad link-clearing frenzy.

Great link, that's the kind of filtering I was looking for!

Thanks