Log files tell you what went wrong when a system suddenly stops working. They also let you track changes to your systems, and they are a primary evidence source for security monitoring and incident response on your network.
Log files are such an essential element of your network administration information sources that there are tools produced specifically to help you manage them.
Here’s our list of the best log management tools & analysis software:
- Datadog Log Collection & Management – EDITOR’S CHOICE A cloud-based log collector, organizer, and interface. This system also offers an archive manager and you can choose whether to bundle in a storage package or store to your own cloud account. This is a SaaS platform. Start a 14-day free trial.
- SolarWinds Security Event Manager (FREE TRIAL) Perfect for identifying, logging, and responding to suspicious events on your network in real-time. A great tool for helping you analyze and make sense of complex log data and ideal for preparing compliance reports. Start 30-day free trial.
- SolarWinds Papertrail (FREE PLAN) A cloud-based service with file content filtering that can extract records by date to help you with your event management tasks.
- Graylog (FREE PLAN) This log management package is available in four versions and two of them are free to use. Offered as a SaaS platform or as a virtual appliance.
- Loggly (FREE TRIAL) A cloud-hosted log analyzer that transfers data to remote servers for analysis. Available in free and paid versions.
- Auvik (FREE TRIAL) This cloud-based network monitor includes Syslog collection and access with a retention period of 14 days.
- ManageEngine EventLog Analyzer (FREE TRIAL) A SIEM tool that hunts for intruder threats. Installs on Windows, Windows Server or Linux.
- Sematext Logs (FREE TRIAL) A system monitoring service, based in the cloud that offers a specialized standalone logfile monitoring product.
- Opmantek opEvents (FREE TRIAL) A log manager that is an add-on to the Network Management Information System. Installs on Linux.
- ManageEngine Log360 (FREE TRIAL) A log manager and SIEM system that includes collection agents that install on each endpoint. Runs on Windows Server.
- Paessler PRTG Network Monitor (FREE TRIAL) This monitoring system covers networks, servers, and applications; it includes a Windows Event Log sensor and a Syslog Receiver.
- Splunk Comprehensive log management solution for macOS, Linux, and Windows.
- Fluentd An open-source log collector that runs as an agent on your systems and acts as a hub, routing log data to storage and analysis back ends.
- Logstash Part of the free Elastic Stack, this is a log data gathering tool.
- Kibana This is the data viewing application of the Elastic Stack; its time filter isolates the records for any date range and the results can be exported.
- XpoLog This utility can analyze data from Apache server logs, AWS, Windows and Linux event logs, and Microsoft IIS.
- Managelogs A free, open-source utility to manage Apache web server logs.
Once you find a log management tool that you like, you will grow to be dependent on it for a range of admin tasks, including Security Information and Event Management (SIEM) and real-time log monitoring of your network and its equipment. If your favorite tool goes out of production, you will need to find a replacement quickly to enable you to continue to manage event logs and sort through all of your log data.
The best log management tools and analysis software for Windows, Linux, and Mac
What should you look for in a log management and analysis tool?
We reviewed the log management and log analysis software market and analyzed tools based on the following criteria:
- The inclusion of a log message collector, a server, and a consolidator
- The ability to create logfile names with meaningful structure and rotate them, opening new files periodically
- The creation and maintenance of a log file directory structure
- A data viewer that includes data analysis functions, such as filtering and sorting
- Data portability
- The offer of a free demo or trial for a no-cost assessment
- A good deal that offers valuable services at a reasonable price
Datadog provides systems monitoring tools from the cloud. One of its services is a log server system. Being based on a remote server in the cloud, the Datadog Log Manager is not bound by the log standards of specific operating systems. So, it is able to collect logs generated under the Syslog standard used on Linux and also Windows Event messages.
The Log Management system of Datadog collects log messages traveling around your network through an agent program. These records are uploaded to the Datadog server where they are consolidated into a neutral format. This makes them searchable with the Datadog system.
The SaaS dashboard of Datadog includes a log file viewer that has analysis facilities, such as search, sort, and group. The Datadog servers provide storage for live logs and also for archives. A Datadog utility makes archives accessible, bringing them back to current storage and making them accessible again.
The Datadog Log Management service is available as two subscription services: Ingest, which is the main log server, and Retain or Rehydrate, which is the storage and archiving service.
The software for Datadog Log Management is essentially free. The company charges for the data throughput that the services handle. Datadog is able to collect and process log messages from many servers and it doesn’t matter where they are. The service can also collect logs from cloud servers.
Datadog offers 14-day free trials of both Ingest and Retain, or Rehydrate. The two services are subscribed to separately, but it is unlikely that you would choose only one of them. Datadog produces other infrastructure monitoring services and they all integrate with the Log Management system.
Datadog Log Collection and Management is our top pick for a log management tool because it has a modular structure, letting you decide whether you just want a service to process log messages or also store and archive them. This package is able to collect and consolidate a range of log message formats through the activation and installation of on-site collectors. The Datadog system will consolidate these different message types, showing them in the dashboard as they arrive and calculating throughput statistics. The package will store logs to file and you can choose whether to use a Datadog storage space or save to your own servers or cloud accounts.
Official Site: https://www.datadoghq.com/free-datadog-trial/
Unlike Cronolog, the discontinued filter utility that wrote Apache log entries into date-named files, the SolarWinds Security Event Manager isn’t free. However, you can get access to it on a 30-day free trial. This is a very comprehensive log management system, and it would be particularly useful for large organizations. It enables real-time log monitoring and lets you locate any event record quickly.
This software runs on the Windows Server operating system, but it is not limited to managing logged events that only arise on Windows. The manager is a cross-platform utility that will deal with all of your system logging tasks, no matter which operating system they come from.
A notable feature of this log manager is that it verifies the information in your log files by separately tracking real-time data, so a record that has been edited after the fact stands out. This matters in these days of advanced persistent threats, when intruders routinely alter log files to cover their tracks, and it is an example of how the SolarWinds Security Event Manager extends beyond the historical need to check what happened when things went wrong.
Today, log file management has become a function of system security and data integrity routines. Thanks to the EU’s GDPR requirements, data protection has become a vitally important system administration priority. The need to detect and contain data breaches quickly makes log files a primary source of information. Extra features of this tool include USB memory stick management and event analysis functions.
This log manager is also a good choice for sites that require standards compliance. Security Event Manager (formerly Log & Event Manager) automatically generates HIPAA, PCI DSS, SOX, ISO, NCUA, FISMA, FERPA, GLBA, NERC CIP, GPG13, and DISA STIG reports that demonstrate compliance or highlight gaps for remedial action.
Security-sensitive sites need a lot more from their log management tools than Cronolog could offer. So, if you are looking for a replacement utility and you also need SIEM features, think about what your company needs now from a log management system, not what you could get away with back when Cronolog was first written.
SolarWinds Security Event Manager is great for analyzing complex data logs straight out-of-the-box. With a commanding dashboard, you can identify, analyze, and respond to suspicious events on your network in real-time. This log manager is also great for arranging log data into reports for compliance and auditing purposes.
Start 30-day Free Trial: solarwinds.com/security-event-manager
OS: Windows 10 and later, Windows Server 2012 and later, Cloud-based: Hypervisor, AWS and MS Azure
Papertrail is a log management system produced by SolarWinds, a leading network software producer. The main purpose behind Papertrail is to centralize all log file data in one place, so it is a log aggregator. That makes it markedly different from Cronolog, a logfile parser. That said, Papertrail’s file content filtering capabilities can extract records by date to help you with your event management tasks.
You can use Papertrail to examine a range of log files, including Windows events, Ruby on Rails program messages, router and firewall notifications, and Apache server log files. The log management service is cloud-based, so you don’t need to worry about whether it will run on your operating system. You access the dashboard through your web browser.
The price for the service varies depending on the search volume that you put through it. There is a free plan that gives you a data throughput allowance of 100 MB per month. That is not very much, but if you limit your service coverage to just Apache logs, you might be able to get away with it. The cheapest paid plan gives you a data allowance of 1 GB per month for $7. The paid plans work on a subscription basis and you pay a monthly fee.
Each plan lets you view a period of data and allows you to archive data for a different length of time. For example, the free log management service lets you operate on data from the last 48 hours and you can archive data for seven days. This would be enough to emulate Cronolog, because for that, you only need to look at one day’s worth of data at a time.
Graylog is a log management tool that can be adapted to system performance monitoring and security systems, such as a SIEM service. The package is offered as a cloud-based service and there are also versions that can be installed on premises as a virtual appliance. The tool includes agent programs to collect log messages and it is able to merge formats, including Windows Events and Syslog.
The Graylog package was originally an open-source, free system. However, the organization now offers a paid tool. The free version is still there and it is now called Graylog Open, which installs on Linux or on a VM. You get access to community forums with the free system but no professional support.
The new commercial Graylog is offered in three editions and one of those is free to use. That is the Graylog Small Business service, which is a software package for installation over a VM, as is the Enterprise edition. The third package is Graylog Cloud, which is a SaaS platform.
As well as collecting operating system messages from Windows Events and Syslog, this tool is able to gather application logs. All formats are consolidated into a common format and log arrival statistics are shown live in the Graylog dashboard. The system manages log files, creating a meaningful directory structure and rotating log files daily. The system also shows live tail messages in the data viewer of the console.
The usage of the log message contents is up to you. It is possible to analyze data from the messages by recalling stored files or working on the live tail data as it comes in. The viewer includes analytical features, such as sort, group, and filter.
Although the system can be used to show live performance data, you have to set those screens up yourself. Most of the work is done for you with a library of templates and widgets. Connect a display format to a data source, which would be a saved query.
The Security Monitor package in the Graylog system includes detailed pre-written templates that offer a range of detection scenarios. These can be implemented with Security Orchestration, Automation, and Response (SOAR) to interface with network security systems, such as a firewall or access rights manager to reap detailed activity information and then to suspend accounts or block communication with specific IP addresses if suspicious activity is detected.
You can assess Graylog in a number of ways. You have the option to download Graylog Open to try out the log management capabilities of Graylog. There is also the possibility of using the free Graylog Small Business for trialing the system because this has all of the functions of Graylog Enterprise but it is limited to processing up to 2 GB of data per day. You can also get a demo of Graylog Cloud.
Loggly is a log consolidator that is based in the cloud. This hosted log management tool also offers log analysis facilities. A big advantage of this cloud-based approach is that you don’t need to maintain any log management software in order to use the utility. Your on-premises system needs to be coordinated to the Loggly service so that it will upload your standard log files periodically to the online server.
As a consolidator, Loggly reformats the uploaded log file records into a standard format. This allows the analyzer to process records from several different sources and enables you to monitor events across your system, regardless of the operating system or methodology that generated those event records. The sources of log file messages aren’t limited to your on-premises servers. It is also able to process records generated by online servers, such as AWS and it can include messages created by applications such as Docker and Logstash.
A possible point of vulnerability in this operating model lies in the transfer of data from your systems to the Loggly servers. Make sure the upload path is protected by TLS, as it is when logs are sent over syslog with TLS or over HTTPS rather than in the clear over UDP or plain TCP, and check the collector configuration rather than assuming it. TLS also covers data transfers from the Loggly server to your browser, through the HTTPS protocol.
The Loggly service is offered in three service plans. The entry-level package is free to use. This is called Loggly Lite. Each plan has a data processing limit and you might find that the limits on the free service do not give you enough space for your log data. You are allowed to upload 200 MB of log data per day with Loggly Lite and the system will retain each record for seven days.
The Standard package of Loggly gives you an upload allowance of 1 GB per day and stores each record for 30 days. You also get multiple user account access with the paid packages. With the Standard package, you can have three user accounts. The higher-paid package has no limit to the number of users you can set up on your account. That plan, which is called Loggly Enterprise, is a bespoke package with prices depending on the amount of upload capacity and the storage period that you require.
Loggly is a subscription service, which you can pay annually or monthly. You can get a 14-day free trial of the Standard plan. If you decide not to continue with this plan at the end of the trial period, your account will be switched automatically to the free Loggly Lite plan.
Auvik is a cloud-based system monitor for networks. The service is able to track activities on a network by installing a local agent on a server connected to the network.
Syslog messages are generated locally by Linux systems and by a range of applications, such as the Apache Web Server. They only travel across the network if the local syslog daemon is configured to forward them to a collector, so you need to set up that forwarding and install a collector and a server to gather the messages and make use of the information that they contain. The Auvik agent acts as a collector. Forwarding over plain UDP is lossy and unauthenticated; prefer TCP, and TLS where both the daemon and the collector support it.
There is a Syslog server built into the Auvik cloud system. The agent will upload all of the Syslog messages that it encounters. The Auvik Syslog server then files the messages. There is no need for consolidation, which involves converting the format of log messages from different sources because all of the logs are in the Syslog format.
Auvik doesn’t collect Windows Events or log messages that aren’t in the Syslog format. However, if you set up a Windows Event forwarder, you can get that package to convert collected messages into the Syslog format. Once those messages are put back onto the network, the Auvik agent will pick them up automatically.
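The forwarding and consolidation steps described above, as an added example that is not Auvik's code or any vendor's: a Python rendering of a Windows Event record as an RFC 5424 syslog message, plus a parser that brings both that format and the older RFC 3164 format emitted by most Linux daemons into one neutral record. The Windows event dict, the mapping from Windows levels to syslog severities, the structured-data element name and the sample lines are all assumptions constructed for this example.

```python
"""Windows Event -> RFC 5424 syslog, and RFC 3164/5424 -> one neutral record.
Added example; the event dict, level mapping and sample lines are constructed."""
import re
from datetime import datetime, timezone

# RFC 5424 severity codes; mapping Windows levels onto them is an assumption
WIN_LEVEL_TO_SEVERITY = {"Critical": 2, "Error": 3, "Warning": 4,
                         "Information": 6, "Verbose": 7}
FACILITY_USER = 1   # RFC 5424 facility 1: user-level messages
DOC_PEN = 32473     # private enterprise number reserved for documentation (RFC 5612)

# Constructed sample inputs (not from any real system)
SAMPLE_EVENT = {
    "TimeCreated": datetime(2024, 3, 1, 12, 30, 0, tzinfo=timezone.utc),
    "Level": "Information", "Channel": "Security", "EventID": 4624, "RecordID": 98765,
    "Provider": "Microsoft-Windows-Security-Auditing",
    "Message": "An account was successfully logged on.",
}
SAMPLE_3164_LINE = "<34>Oct 11 22:14:15 mymachine su[2012]: 'su root' failed for lonvick on /dev/pts/8"


def _sd_escape(value):
    """Escape the three characters RFC 5424 forbids inside a PARAM-VALUE."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def windows_event_to_syslog(event, hostname, facility=FACILITY_USER):
    """Render a Windows Event (a dict here; a real forwarder reads it from the
    Event Log API) as one RFC 5424 line:
    <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG"""
    severity = WIN_LEVEL_TO_SEVERITY.get(event["Level"], 5)  # unknown level -> notice
    pri = facility * 8 + severity
    ts = event["TimeCreated"].astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    sd = '[win@{pen} Channel="{ch}" EventID="{eid}" RecordID="{rid}"]'.format(
        pen=DOC_PEN, ch=_sd_escape(event["Channel"]),
        eid=_sd_escape(event["EventID"]), rid=_sd_escape(event["RecordID"]))
    # APP-NAME and MSGID may not contain spaces; provider names and event IDs never do
    return "<{}>1 {} {} {} - {} {} {}".format(
        pri, ts, hostname, event["Provider"], event["EventID"], sd, event["Message"])


_RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$")
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<app>[^\[: ]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
_SD_PARAM = re.compile(r'([^= "]+)="((?:[^"\\]|\\.)*)"')


def parse_syslog(line, year=None):
    """Parse either syslog dialect into one neutral dict, which is the
    consolidation step a log server performs before storing or searching.
    RFC 3164 timestamps carry no year or zone, so the caller supplies the
    year and the time is taken as UTC (an assumption for this example)."""
    m = _RFC5424.match(line)
    if m:
        sd = {}
        if m["sd"] != "-":
            for block in re.findall(r"\[((?:[^\]\\]|\\.)*)\]", m["sd"]):
                sd_id, _, params = block.partition(" ")
                sd[sd_id] = {k: re.sub(r"\\(.)", r"\1", v) for k, v in _SD_PARAM.findall(params)}
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        fields = dict(host=m["host"], app=m["app"],
                      pid=None if m["pid"] == "-" else m["pid"],
                      msgid=None if m["msgid"] == "-" else m["msgid"],
                      sd=sd, msg=m["msg"] or "")
    else:
        m = _RFC3164.match(line)
        if not m:
            raise ValueError("not a syslog line: %r" % line)
        year = year or datetime.now(timezone.utc).year
        ts = datetime.strptime("%d %s" % (year, m["ts"]),
                               "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
        fields = dict(host=m["host"], app=m["app"], pid=m["pid"], msgid=None, sd={}, msg=m["msg"])
    pri = int(m["pri"])
    return dict(facility=pri // 8, severity=pri % 8, timestamp=ts.isoformat(), **fields)


if __name__ == "__main__":
    line = windows_event_to_syslog(SAMPLE_EVENT, "WS01")
    print(line)
    print(parse_syslog(line))
    print(parse_syslog(SAMPLE_3164_LINE, year=2023))
```

Whatever the transport, the collector should still validate the PRI and timestamp of every incoming line: a forwarder that emits malformed headers ends up with all its messages filed under the wrong facility or the wrong day, which is exactly the kind of gap an intruder benefits from.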
The Auvik package includes the processor to run the system monitoring software and also storage space. That space enables Syslog messages to be retained for 14 days. After that period, you can set up an archiving system or move the messages onto a secondary log file store.
The user console of Auvik is available for access through any standard Web browser. One of the features in the interface is a Log Viewer. This has the ability to list messages and provides search, sort, filter, and grouping functions for analysis. These functions are useful. However, you might choose to bounce logs through to a third-party tool, such as Elasticsearch or Splunk.
Auvik isn’t primarily a log management tool. The Syslog server is an additional service that is included for free with a subscription to the main network monitoring package. The Auvik system automatically searches a network and identifies all of the Layer 2 and Layer 3 devices on it. This sets up an inventory of the network, through which the network can be supervised.
The Auvik system is offered in two plan levels: Essentials and Performance. The log management system is included in the Performance package. Auvik doesn’t publish the prices for either plan because the price you pay depends on the size of your network. You can assess the system with a 14-day free trial.
The ManageEngine EventLog Analyzer is more than a log file server. It is an intrusion detection system that looks for threats to the network.
Just about every piece of equipment and software in your business generates log messages periodically and in response to exceptional events. The EventLog Analyzer catches these messages as they move around the network and stores them to file.
The main source of messages is the Windows Event Log system and Syslog messages that arrive from Linux systems. The EventLog Analyzer also picks up log messages from Apache Web Server, database systems, firewalls, network equipment and security software.
Once log messages are stored in files, they need to be archived periodically. The files have to be organized in a logical manner, which makes the events of specific dates easy to access. The EventLog Analyzer handles all of that logfile management work. As a source of disclosure on unauthorized activity, log files are often targeted by hackers to remove traces of their intrusion. The EventLog Analyzer monitors changes to logs and blocks unauthorized access.
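Both the SolarWinds feature described earlier (verifying log contents against separately tracked data) and the change monitoring described here rest on making stored records tamper-evident. The following Python sketch is added here and is not taken from either product; it shows the generic technique, a keyed hash chain over the records with the final tag kept off the monitored host. The key, the record layout and the sample auth-log lines are constructed for the illustration.

```python
"""Hash-chained log sealing: detect modified, removed or truncated records.
Added example of a generic tamper-evidence technique, not a vendor's code.
The key, record layout and sample lines are constructed."""
import hashlib
import hmac

GENESIS = b"\x00" * 32   # the tag "before" the first record
KEY = b"collector-side secret: never stored on the monitored host"  # constructed
# Constructed sample auth-log lines (not from any real system)
SAMPLE_LINES = [
    "Mar  1 12:30:01 web01 sshd[1201]: Accepted publickey for deploy from 10.0.0.5 port 51514",
    "Mar  1 12:30:07 web01 sshd[1209]: Failed password for root from 203.0.113.9 port 40022",
    "Mar  1 12:30:09 web01 sshd[1209]: Failed password for root from 203.0.113.9 port 40022",
    "Mar  1 12:31:00 web01 sudo: deploy : TTY=pts/0 ; COMMAND=/bin/systemctl restart httpd",
]


def _tag(key, prev, seq, line):
    """HMAC-SHA256 over previous tag || sequence number || record text."""
    return hmac.new(key, prev + seq.to_bytes(8, "big") + line.encode("utf-8"),
                    hashlib.sha256).digest()


def seal_log(lines, key):
    """Return records 'seq<TAB>line<TAB>tag_hex'. Each tag commits to every
    record before it, so changing, dropping or reordering an earlier record
    breaks every later tag."""
    prev, sealed = GENESIS, []
    for seq, line in enumerate(lines):
        tag = _tag(key, prev, seq, line)
        sealed.append("%d\t%s\t%s" % (seq, line, tag.hex()))
        prev = tag
    return sealed


def final_tag(sealed):
    """The last tag. Record it out of band (on the collector, or sent to a
    separate host) so that truncation of the tail is also detectable."""
    return sealed[-1].rsplit("\t", 1)[1] if sealed else GENESIS.hex()


def verify_log(sealed, key, expected_final=None):
    """Recompute the chain. Returns (ok, index, reason); index is the first
    record at which the chain breaks, or None when everything checks out."""
    prev = GENESIS
    for i, rec in enumerate(sealed):
        seq_s, rest = rec.split("\t", 1)
        line, tag_hex = rest.rsplit("\t", 1)   # the line itself may contain tabs
        if int(seq_s) != i:
            return False, i, "gap: record %d missing (found seq %s)" % (i, seq_s)
        tag = _tag(key, prev, i, line)
        if not hmac.compare_digest(tag.hex(), tag_hex):
            return False, i, "modified"
        prev = tag
    # Without a separately stored final tag, records cut from the end are invisible
    if expected_final is not None and not hmac.compare_digest(prev.hex(), expected_final):
        return False, len(sealed), "truncated: tail records removed"
    return True, None, "ok"


if __name__ == "__main__":
    sealed = seal_log(SAMPLE_LINES, KEY)
    anchor = final_tag(sealed)
    print(verify_log(sealed, KEY, anchor))
    tampered = list(sealed)
    tampered[1] = tampered[1].replace("Failed password", "Accepted password")
    print(verify_log(tampered, KEY, anchor))
    print(verify_log(sealed[:-1], KEY, anchor))
```

The key must stay on the collector: an attacker who holds both the log and the key can simply re-seal after editing. Note also that without the stored final tag, deleting records from the end of the log passes verification, which is why the last tag has to live somewhere the attacker cannot reach.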
Log data is a rich source of information on the status of your system equipment. The analysis module of the EventLog Analyzer uses log information to audit user access to critical resources. This is particularly important in the hunt for intruders. Intrusion might not just be the unauthorized access by outsiders, but it could also be inappropriate data access by staff.
The EventLog Analyzer also audits the activities of applications, checking on the operations of Web servers, DHCP servers, databases, and other essential services in your system. The information culled from these monitoring activities is important for performance statuses as well as for security.
The ManageEngine EventLog Analyzer installs on Windows, Windows Server and RHEL, Mandrake, SUSE, Fedora, and CentOS Linux. This is a paid product, but there is also a free edition, which gathers logs from up to five sources. You can get a 30-day free trial of the Premium Edition.
Sematext is an infrastructure monitoring system that is delivered from the cloud. The biggest service that the company offers is its logfile explorer. In fact, the company puts its log management system first in its service menu and the price list on its sales website.
The service is an online implementation of the Elastic Stack, which is also known as ELK. This is a combination of services that manage log messages. Logstash is the ingestion pipeline: it collects log messages, parses them into fields and forwards them to storage. Elasticsearch is the index and search engine that stores the records and answers queries. The frontend of ELK is called Kibana; Sematext hasn’t taken that element on for its own dashboard, as the Sematext system has a custom console for data viewing.
The log management system of Sematext is specifically geared towards security monitoring, acting as a security information manager (SIM). The Sematext system uses pre-written searches that are implemented by Elasticsearch. These look for problems in the log messages and the search system generates an alert when it encounters an error message or a system warning. These alerts are displayed in the console. Although log files are not considered live data, as log messages are gathered quickly by the agent of Sematext, they can be searched almost immediately. So, Sematext gives near-real-time monitoring data.
As a cloud service, Sematext charges for its utilities on a subscription basis. The fees for the log manager are levied on a monthly basis with no limit on the number of data sources. However, there are three plans. The cheapest of these is free to use but is limited to processing just 500 MB of data per day and has a retention period of seven days. The Standard plan processes 1, 5, or 10 GB per day and has a retention period of seven or 15 days. The top plan, called Pro, can process up to 150 GB per day and offers a retention period of up to a year. Sematext offers the Standard plan on a 30-day free trial.
Opmantek opEvents is a log file manager that is able to collect and consolidate log messages from a range of sources, including Syslog and Windows Events. This is an add-on module to NMIS, the Network Management Information System.
The opEvents system installs on-premises and its dashboard gives you the opportunity to identify log metrics, such as the reporting rate, and set alerts on unusual statistics. The tool will reorganize incoming log messages into a neutral format and then store them together in files with meaningful names, such as by date, source, or both. These files are regularly rotated and held in a directory structure that makes finding a relevant event easy.
The dashboard includes a data viewer that includes a sort and filter facility for data analysis. It is possible to identify log messages that pertain to a specific device and then analyze its performance based on reported status records.
The screens of the opEvents dashboard are colorful and attractive. They combine log records with summarizing data graphics. The service allows you to set your own rules by building queries that look for specific events or combinations of actions on a specific device.
The data viewer can highlight conversations with particular endpoints and group together log records for specific applications. If you create a search for a specific indicator, you can then work through and open a series of log files and apply that same query to each of them.
The opEvents system supports manual event investigations, so it is specifically aimed at system technicians who know what signs to look for in the large volume of log data that gets generated by a typical system.
The opEvents system is not a standalone tool. It can only be accessed as part of the Network Management Information System (NMIS). So, you need to install that system first. The NMIS software is free and open-source but the opEvents system is a paid product.
The software for NMIS and opEvents installs on Linux. There is an Opmantek virtual machine to run on Windows and host the software if you don’t have any Linux servers on your site. The opEvents is free to use on a 20 node network. You can get a 30-day free trial of the full, unrestricted system.
ManageEngine Log360 gathers log records to form a data source for a SIEM service. The tool has a central server and endpoint agents. The agent on each endpoint collects log messages from the operating system and interfaces to more than 700 software packages to extract activity information. The agent then sends those records to the log server.
The server of the log manager “consolidates” arriving records by converting their layouts into a common format. The log manager files these records and also displays them in a data viewer in the dashboard. While records pass through the log manager, the SIEM system performs threat detection.
Features in the Log360 package include a threat detection feed to speed up threat hunting and compliance reporting for HIPAA, PCI DSS, FISMA, SOX, GDPR, and GLBA. The data viewer includes tools for manual data analysis.
When the threat hunter discovers a suspicious event, it raises an alert. This is displayed in the system dashboard and you can also get alerts sent through your service desk system. The tool can work with ManageEngine ServiceDesk Plus, Jira, and Kayako.
The server for ManageEngine Log360 installs on Windows Server. You can get to know the tool with a 30-day free trial.
Paessler PRTG Network Monitor is a comprehensive monitoring tool for networks, servers, and applications. Log management is an integral part of systems administration and so Paessler made sure to include a log monitoring section in PRTG.
Each monitoring interface in PRTG is called a sensor. Two sensors manage logs. These are the Windows Event Log sensor and the Syslog Receiver sensor.
PRTG Windows Event Log Sensor
The Event Log Windows API sensor catches all of the log messages that a Windows system generates. This includes application alerts and operating system notifications. The sensor monitors the rate of log messages rather than the contents of each message. However, it does categorize those alarms by source or event type. The sensor will generate an alarm in the dashboard if the rate of event log messages escalates. Those notifications can be sent to you in the form of an email or an SMS message. You can customize alert notifications so that they are sent to different team members according to severity or source.
PRTG Syslog Receiver Sensor
The Syslog Receiver sensor receives, monitors, and saves Syslog messages. This gives you a Syslog file management tool, but the sensor isn’t just a passive file creation function. The monitoring element of the receiver’s duties generates alarms if worrying conditions arise, such as an increase in the rate of file creation. You can set the conditions that trigger alerts, and you can decide to whom and how notifications are delivered.
Paessler PRTG is free to monitor up to 100 sensors. If you want to use the tool to monitor your entire network, you will need a lot more sensors and that level of service is charged for. You can get a 30-day free trial with unlimited sensors.
Splunk is a comprehensive log management solution for macOS, Linux, and Windows. The system is a well-known utility within the system administration community. Splunk, Inc produces three versions of its network data monitoring software. The top-of-the-line version is called Splunk Enterprise, which costs $173 per month. This is a network management system rather than just a log file organizer. Fortunately, Splunk is also available for free, making it into our list of Cronolog alternatives.
The free Splunk is restricted to input file analysis. You can feed in any of your standard logs or funnel real-time data through a file into the analyzer. The free utility can only have one user account, and its data throughput is limited to 500 MB per day. The system doesn’t explicitly deal with network alerts, but you could force that functionality by getting alerts written to a file and then bounced into Splunk.
A data sorting and filtering utility is built into Splunk, and you can write out to files from the analyzer. These features can emulate Cronolog by dividing log records by date and writing each group out to new files.
Like Cronolog, Fluentd runs on Linux systems: Debian, CentOS, and Ubuntu. It can also be installed on macOS, Amazon Linux, RHEL, and Windows. This open-source collector runs as an agent on your systems and acts as a hub for log data: it tails existing files and receives live data streams, then routes the records to storage or analysis back ends. One of the inputs Fluentd is commonly used with is the Apache access log.
Results from log record analysis can be made to trigger alerts, for example by forwarding matched events to Nagios or another monitoring system through an output plugin. Fluentd is an open-source project, so you can download the source code. This tool is free to use.
The Fluentd website is the source for the program, and it is also the location of community pages where you can get help and advice on running the tool from other users. The core package can be extended through plugins written by other community members. Those plugins are usually free of charge.
You can use many other free interfaces as a front end for Fluentd, such as Kibana. The Fluentd utility can also be integrated with tools that include Elasticsearch, MongoDB, and InfluxDB for analysis.
Logstash is a log collection facility produced by Elastic. This Dutch software organization has created a range of data exploration products that link together in the “Elastic Stack.” This suite of programs is open-source, and each product is available for free. The core element of the Elastic Stack is Elasticsearch. This is a searching and sorting utility that can process data from several files into unified results. Elasticsearch can be integrated into other tools and is available for use with many of the other utilities in this list.
Logstash is the Elastic Stack’s data gathering tool. The functions of Logstash can be tailored to emulate Cronolog. The facility creates source files for analysis by other tools, such as Elasticsearch. The power of this tool is that it can collate data from several different sources. However, if you want to reorganize your Apache log files, there is no reason why you can’t limit the data search to just one source log file.
The capabilities of Logstash include file parsing, so you can use this function to split up your log files by date. The output of Logstash can be formatted to suit a long list of utilities for analysis or display. It can also be written to a plain text file on disk, which is exactly what Cronolog used to do.
Elastic produces Kibana, which is an excellent free front end for any data gathering tool. Other useful tools in this list can funnel data to Kibana, so you don’t have to rely just on the other Elastic Stack programs to source data for this application.
The full capabilities of Kibana go way beyond the file parsing function of Cronolog. Note, though, that Kibana works on records indexed in Elasticsearch rather than on files on disk, so it does not itself split a log file by date; what it gives you is a time filter that isolates the records for any date range, plus a Dev Tools console for running Elasticsearch queries directly. If you don’t have query-writing skills, the preset data manipulation facilities of the interface give you a lot of powerful sorting and filtering that will help you work through your log data.
The interface includes time-based analysis tools, so you can quickly isolate the records that relate to a specific date. Raw data, graphs, and other visualizations can be exported as CSV or PDF reports. Standard reports can be scheduled to run periodically, so a filter by date, scheduled daily with CSV output, approximates the per-day files that you used to get from Cronolog, with the actual splitting of the stream done upstream by Logstash.
The benefit of using Kibana is that it can give much more assistance than Cronolog could. You can compare data from different sources and visualize the information from all of your system log files to analyze performance and forecast capacity requirements. To get a full data management facility, you should probably use Logstash to collate source data, Elasticsearch to sort data, and Kibana to display results. Kibana has plenty of data sourcing and manipulation facilities so that it could be used as a standalone data analysis tool.
The two essential elements of Cronolog are that it could split up log files by date and that it could be run automatically. XpoLog includes both of those functions. It is also a vast improvement on that discontinued log parsing tool, because it includes a lot of other functionality.
XpoLog can analyze data from a range of sources, including Apache server logs, AWS, Windows and Linux event logs, and Microsoft IIS. The utility can be installed on Mac OS X 10.11, macOS 10.12 and 10.13, Windows Server 2008 R2, Windows Server 2012, Windows Server 2016, Windows 8, 8.1, and 10. The log management software can also be installed on Linux Kernel 2.6 and later. You can opt for a cloud-based version if you don’t want to install the software. You can access it through Chrome, Firefox, Internet Explorer, or Microsoft Edge.
Apart from straightforward log file management, the XpoLog analysis engine detects unauthorized file access and helps optimize application and hardware usage. XpoLog gathers data from selected sources and will monitor those files that you include in its scope. Once data is centralized, XpoLog merges all data sources and creates its own database of records. Those records can be searched and filtered for analysis, and results can be written out to files or retained as archives for viewing through the XpoLog dashboard. That functionality offers the same file parsing as Cronolog.
XpoLog is available for free. If you just want to split up your Apache log files, then the free version will be good enough. To deal with larger volumes of data and employ the system for analysis, then you might have to step up to one of the paid plans.
The free version allows you to process up to 1 GB of data per day, and the system will retain that data for five days. You could always write out the records to text files to get around that five-day limit. The cheapest paid plan offers exactly the same data throughput limit and data retention period as the free service, so it is difficult to see why anyone would pay the $9 per month price tag for that package. More expensive plans give you an unlimited data retention period, with the cheapest unlimited option including an allowance of 1 GB of data throughput per day for $39 per month. You get progressively larger daily data throughput allowances at each price point. The top plan gives you a data throughput of 8 GB per day and costs $534 per month. You have to pay for the service annually in advance, even though it has a monthly price. You can also buy a perpetual license.
Probably the closest alternative to Cronolog, Managelogs is written in “C.” Not only is the utility free, but the source code is available for you to read through. The program is specifically designed to manage Apache web server logs.
Managelogs has different operating modes, selected by the options given on the command line when the program is launched. You can set the utility to archive log files by date, or you can specify a maximum file size; when that size is reached, the utility copies the log file over to a new name and then clears out the current log file so it can start again from scratch and build up new records.
If you specify that logs should be split by date, Managelogs will ensure that files are consolidated across sessions, so stopping and restarting the server manager won’t wipe out existing records on an incomplete day.
DIY log archiving
You can write your own copy of Cronolog as a script for Unix or Unix-like operating systems such as Linux and Mac OS. Although there are plenty of clever things you can do with regular expressions and pattern matching to pick out records for a specific date, the easiest way to get log archives per day is to write a copy script and then schedule it to run at midnight. If the last instructions in the script remove the existing file, new records will accumulate in a separate file throughout the day, to be archived off again at midnight.
FILES="access_log error_log"; LOGDIR=/opt/apache/logs; LOGARCH=/opt/apache/archive   # assumed values
DATE=$(date +%Y%m%d)
for f in $FILES; do
  cp "$LOGDIR/$f" "$LOGARCH/$f.$DATE.log"      # dated copy for the archive
  mv "$LOGDIR/$f" "$LOGDIR/$f.$DATE.saved"     # set the original aside
  cat /dev/null > "$LOGDIR/$f"                 # start a fresh, empty log for the new day
done
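The same copy-at-midnight procedure written out as a complete rotation function with the checks a sysadmin would want, as an added example that is not the article's own script (the paths, the cron schedule and the sample log line are assumptions). It copies first and truncates the original in place rather than moving or deleting it, because Apache keeps writing to a moved or unlinked file until it reopens its logs; it also refuses to overwrite an archive from an earlier run on the same day and verifies the copy before clearing the source.

```sh
#!/bin/sh
# Added example, not the article's own script: daily copy-then-truncate
# rotation of one log file, meant to be run from cron at midnight.
# Paths, names and the sample log line below are assumptions.
#
# Copy first and truncate in place second (no mv): Apache opens its logs in
# append mode, so clearing the same inode keeps its open descriptor valid
# and no restart is needed. Records written between the copy and the
# truncation are lost; if that matters, use mv plus a graceful reload.
rotate_log() {
    src=$1
    arch_dir=$2
    day=${3:-$(date +%Y%m%d)}
    [ -f "$src" ] || { echo "rotate_log: no such log: $src" >&2; return 1; }
    mkdir -p "$arch_dir" || return 1
    base=$(basename "$src")
    dest="$arch_dir/$base.$day.log"
    # Never clobber an archive from an earlier run on the same day.
    n=1
    while [ -e "$dest" ]; do
        dest="$arch_dir/$base.$day.$n.log"
        n=$((n + 1))
    done
    cp -p "$src" "$dest" || return 1
    # Truncate only once the copy is verified byte for byte.
    if ! cmp -s "$src" "$dest"; then
        echo "rotate_log: copy mismatch, leaving $src untouched" >&2
        rm -f "$dest"
        return 1
    fi
    : > "$src"
    echo "$dest"
}

# Constructed demonstration on a temporary directory, not a real server.
demo=$(mktemp -d)
mkdir -p "$demo/logs"
printf '127.0.0.1 - - [01/Jan/2024:00:00:01 +0000] "GET / HTTP/1.1" 200 12\n' \
    > "$demo/logs/access_log"
rotate_log "$demo/logs/access_log" "$demo/archive" 20240101
rm -rf "$demo"
```

A crontab line such as `0 0 * * * /usr/local/sbin/rotate_apache.sh` (assumed script name) runs it at midnight, and the printed archive path can be logged for an audit trail.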
Don’t get stressed that cronolog.org is no longer operating or that the download sites that used to deliver Cronolog no longer list it. Cronolog was not that great, and you could quite easily write your own version in just a couple of minutes.
Log management utilities are very useful, and despite the limited capabilities of Cronolog, many systems administrators came to rely on its services. As you can see from this review, many other log management tools and analysis software packages not only give you the ability to parse your log files by date but also give you some amazing data visualization and analysis features. Our Editor’s choice is an excellent example of this: SolarWinds Security Event Manager.
Every one of the recommendations in our list of Cronolog replacements can be used or tried for free. All of these facilities give you better service than the do-it-yourself replication of Cronolog. Try out any of these tools and see which of them gives you the extra features needed to improve log and facilities management.
Log Management FAQs
What is log aggregation?
Log aggregation combines log files from different sources so that they can be unified for analysis. Different logging systems deploy individual file formats, so log aggregators need to convert log file contents into a unified format. Once all files have the same record layout, they can be submitted together to analytical tools for sorting, searching, filtering, and summarizing.
How do I collect application logs?
One of the main sources of application logs is the Windows Event system. These are very easy to collect in Windows environments.
- Get to the Control Panel.
- Select System and Security.
- In the System and Security folder, look for Administrative Tools and click on the View event logs link.
- In the left tree menu of the Event Viewer, expand Windows Logs.
- Click on Application.
- In the Actions menu in the right-hand side panel, click on Save All Events As.
- In the popup file browser select a folder for the log file.
- Give the log file a name. It will be given the .evtx extension. Press Save.
- In the Display Information popup, click OK.
What is centralized log management?
Log files and event messages are generated by most applications and operating systems, but most people ignore them. You can get a lot of information about the operations of your IT infrastructure if you pay attention to these messages, and if you want security standard accreditation, you need to have a comprehensive log management policy. Centralized log management requires you to collect all log files and store them in one place. Many businesses use cloud storage for this activity. Aggregating logs for analysis is also a good idea.
How do you manage logging in the enterprise?
A log management plan needs a strategy. You need to grade the log message sources in order of importance. Next, all log files need to be standardized and stored centrally. A log file analyzer will help you to get useful information from your logs. Look for a log managing package that will support all of these log management activities.