Scott H wrote:
> I'd like to create a system to consolidate all
> the logs from my 30 or so Windows and Red Hat
> servers onto one box, put the data into a db and
> allow centralized
> viewing/filtering/sorting/analysis of the logs. 
> Ideal solution would include a means of
> archiving/deleting data beyond a certain age, and
> a web front end for viewing the consolidated logs
> (or some other means to allow MS-only admins to
> be able to access this data in a GUI, cause we
> can't have them look at any TEXT, can we?). Sorry
> if I sound bitter.  :)

For the backend of the system you describe take a look at this article:

http://www.netadmintools.com/art284.html

It gives an overview of setting up a centralized syslog daemon and 
installing an Eventlog to Syslog Utility for the Win32 boxen.  It links 
to two other pages for detailed setup.

Once the backend is set up, you can use your favorite syslog parsing 
tool on a single syslog for your entire network.


-- 
Chris Lewis
shadow@digitalnirvana.com
----------------------------------------
If it compiles, it is good, if it boots up it is perfect.
       - Linus Torvalds
----------------------------------------