Recommend a good free syslog server with a gui?

iFloris

We use splunk, which does a great job. We run it as a vm on a esxi machine.

newbieuser1234

Have you had good luck with security onion? do you like the snort interface on that better than the one integrated into pfsense? Would I set the security onion box as a proxy to the pfsense wan?

jimp

I haven't used it much myself, but cmb does and loves it. We use it internally here but I haven't had my hands on it that much, I just know it comes highly recommended for pretty much anything along those lines.

craigduff

Solar winds!

stephenw10

For an extremely simple syslog server or for temporary use, to solve a specific problem for example, I have used this:
http://tftpd32.jounin.net/tftpd32.html
Of course it only runs under Windows and doesn't have any features at all but sometimes it's all you need. ;)

Steve

Edit: Now I remember where I first discovered tftpd32 had a syslog server: ::)
http://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog#Windows

craigduff

Good shout Steve!

jimp

@craigduff:

Solar winds!

It is nice, but it's also not free (see the title of the thread :-)

Looks like they bought the old Kiwi syslog server and now want $300 for it.

craigduff

No way! Sorry i thought it was free! Sorry guys! But i can tell you its good! Even Steve uses it

stephenw10

I may have once tested the Solar Winds server, the name sounds familiar, but I don't use it now.
Tftp32 is free, and open source.

Steve

biggsy

It is nice, but it's also not free (see the title of the thread :-)

I've used Kiwi syslog server for about 10 years.

If you don't buy, after 14 days the full-featured trial version continues to run but drops back to to the limited feature set of the free version but even that is still pretty good. Depends what you need.

Down side is that you have to give Solar Winds an email so they can spam you :(

EDIT: Just re-read the original post and thought the feature comparison (image below) from the readme file might help.

![2013-05-31 17-45-54.png](/public/imported_attachments/1/2013-05-31 17-45-54.png)
![2013-05-31 17-45-54.png_thumb](/public/imported_attachments/1/2013-05-31 17-45-54.png_thumb)

Nachtfalke

This looks free. I am using it not that much but it was the "best" I could find for windows and for free:
http://www.whatsupgold.com/free-software/network-tools/syslog-server.aspx

newbieuser1234

i setup security onion. i was a bit confused on the setup. how can it block port scans, etc via snort if it's on the local network and not in bridge mode between the isp and the router. jimp, do you guys just use the elsa piece of it or do you use snort with it. I thought pfsense was far easier to configure.

jimp

@newbieuser1234:

i setup security onion. i was a bit confused on the setup. how can it block port scans, etc via snort if it's on the local network and not in bridge mode between the isp and the router. jimp, do you guys just use the elsa piece of it or do you use snort with it. I thought pfsense was far easier to configure.

I don't think we use it for snort, but for other things. I'm not 100% clear on how snort works with it in that kind of setup.

The ELSA part is of more interest than snort on there for me.