Site icon Software Reviews, Opinions, and Tips – DNSstuff

Best Free Log Management Tools

The log management tools I feature here are either free or have a free tier of service. While it’s fantastic to find a bargain, that doesn’t always make it the best choice for a given use case. IT budgets aren’t infinite, I get that. But don’t let budget considerations alone keep you trapped in log management solutions that don’t ultimately serve your needs or accomplish your goals.

Keep in mind that free tools are still going to require an investment in time and resources to learn, install, configure, and use. Missing features for these free tools may have to be built with the help of community support or an in-house IT team. In some cases, you won’t get the polling frequency or data retention you need without moving to a paid tier of service. In other cases, paid log monitoring software has features you don’t think you need today, but down the road you might realize you could have used those features, if only they’d been available. Check out my review of the best log management tools for on-premises and cloud environments available today.

Best Free Log Management Tools

Event Log Consolidator

One of the three-dozen-plus free tools from SolarWinds®, Event Log Consolidator does just what the name implies—it takes the Windows Event Log from multiple systems (up to five) across your network and pulls them into a single repository, then highlights patterns and trends across all systems to help you spot persistent but systemically dispersed issues.

Kiwi Syslog® Server (free version)

Another from the SolarWinds free-tool stable, this will receive trap or syslog from up to five systems and then act on those messages by forwarding, alerting, or storing the data through the use of filter rules.

ManageEngine EventLog Analyzer (free version)

ManageEngine is another well-known maker of network administration tools among IT professionals. This utility collects, manages, analyzes, correlates, and searches through the log data of over 700 sources using a combination of agentless and agent-based log collection as well as allowing you to directly import logs if you want. Clocking in at 25,000 messages/second, with real-time attack detection, it can also quickly perform forensic analysis and reduce the potential impact of a breach. Note that the free version is limited to five log sources.

Best “Freemium” Log Management Tool Options

Between free and paid options, there lies a category of solutions that offer a subset of features for free, but you have to move to the paid tier to enjoy all of the benefits (and usually support, and sometimes even upgrades). But for some IT pros, what comes in at the free level is all they need, and if they need the extra features, the upgrade doesn’t require a rip-and-replace installation.

Graylog

Graylog is a free, open-source log management platform that can parse, normalize, and enrich logs and event data. Its processing rules allow you to set multiple options for routing messages, black- or white-listing, and even modifying (“enriching”) log messages before moving them to the next step of processing. Graylog also has a robust dashboarding capability that lets you filter out metrics from log messages and then display them in multiple ways, including charts and graphs. Of course, alerting and notifications are possible as well. The only difference between the open-source (free) version and the paid is the addition of offline archiving, user audit logs, support, and an “implementation jumpstart” to get you up and running faster.

XpoLog

XpoLog aggregates log files from selected sources and will monitor those locations/files included in its scope. Once data is centralized, the data is merged into the XpoLog database for processing. Those records can be searched and filtered for analysis, and results can be written out to files, parsing by date or other criteria. XpoLog analyzes data from a wide variety of sources, including Apache server logs, AWS, Windows, and Linux event logs, and Microsoft IIS. It can be installed on systems running Mac OS X 10.11 through 10.13; Windows 8 through 10; Windows Server 2008 R2 through 2016; and any Linux distros running Kernel 2.6 or later. There is also a cloud-based option. The free version allows you to process up to 1GB of data per day, and the system will retain that data for five days. From there, paid tiers add to either the volume of log data that can be processed, the retention period, or both.

PRTG Network Monitor

Through its use of additional sensors, PRTG can extend its Network Monitor solution to monitor a wide variety of other targets. For log monitoring and management, two different sensors are available. The Event Log Windows API sensor is, as the name implies, built to capture Windows Event Log messages. However, rather than triggering on a specific message type or keyword pattern, this sensor monitors the rate of log messages and generates an alarm if the rate reaches a critical threshold. The other log-related sensor is for syslog. This sensor aggregates messages and then alerts either when a particular message type is received, or when the rate of a type of message crosses a threshold.

Splunk

Splunk is well-known within the system administration and monitoring communities. Logfile sources (whether that is text file data shipped from a remote system, syslog, trap, or some other stream) are aggregated on the server running Splunk, indexed, and stored. A data sorting and filtering utility is built-in, as is the ability to alert, write out to files, and more. The free version of Splunk is limited to receiving 500MB of data per day.