Syslog to Web Page Parser

The 2 scripts with links below are used to select syslog entry types
and display the desired number of events using HTML tables in the results.

I use these scripts to periodically check the X most recent alerts on our 
central syslog server. I have the syslog server receiving events from Snort
IDS nodes, Windows event logs, and SNMP trap forwarders. You could fairly
easily add an auto-refresh to the action so that current alerts are
redisplayed periodically and can be monitored by operations.

The first script creates the web page that allows the user to:
- Select number of alerts to view
- Type of alert based upon distinct string for each source - Snort, Windows, etc.
- Type of event - select Windows event types as in Errors, Failures, or Information
- Select to search for a string in each syslog event record and display only those
- Select to use current or previous syslog data files


The action of the form in the 1st script calls the 2nd script to process the
selected log file, parse the desired events, and display them back to the user
in an HTML table structure. The script allows for highlighting different 
priority levels as defined.

This page HERE shows the page generated by the first
script to allow the user to select their options.

After the selections are made and Get Alerts clicked, the 2nd script runs to create
an output similar to THIS one.

Both scripts will need a couple of settings changed to match the drive and
directory location of your syslog data files. I run this on a Windows IIS 
installation and Kiwi syslog server. 

The syslog events are expected to be in a certain format, or you would have to change
the code if yours does not match. I use the following format and the script is coded for this.

Tab separated fields

1st - Date in MM-DD-YYYY format
2nd - Time in HH:MM:SS format
3rd - syslog level as in Auth.Alert, Local1.Error, and so on
4th - Source name or IP of the sensor that sent event
5th - The syslog event message
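
The record format above and the report step described earlier, as an added example that is not the author's syslogreport.pl: it parses the five tab separated fields, applies the type and search strings as literal (non-regex) filters, keeps the newest events, and HTML-escapes every field before it goes into the table, since message text originates from remote senders. The sample records, the colour map and all sub names are constructed for illustration, and the log file is assumed to be written oldest-first.

```perl
use strict;
use warnings;
# Constructed sample records: date, time, level, source, message (tab separated).
my @sample = (
    "03-14-2024\t09:15:02\tAuth.Alert\t10.0.0.5\tsnort: constructed test alert A",
    "03-14-2024\t09:15:40\tLocal1.Error\tWINSRV01\tEvent Error: <b>constructed</b> fault",
    "this line is malformed and is skipped",
    "03-14-2024\t09:17:30\tAuth.Alert\t10.0.0.6\tsnort: constructed test alert B",
);
# Hypothetical priority-to-colour map for row highlighting.
my %colour = (Alert => '#ff9999', Error => '#ffcc99');

# Log content comes from remote senders, so show it as text, never as markup.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Split one record into the five fields; return nothing if it does not fit.
sub parse_line {
    my ($line) = @_;
    $line =~ s/\r?\n\z//;
    my @f = split /\t/, $line, 5;    # limit 5 keeps tabs inside the message
    return unless @f == 5 && $f[0] =~ /\A\d\d-\d\d-\d{4}\z/ && $f[1] =~ /\A\d\d:\d\d:\d\d\z/;
    return +{ date => $f[0], time => $f[1], level => $f[2], source => $f[3], message => $f[4] };
}

# Case-insensitive literal substring test; form input is never used as a regex.
sub contains { my ($hay, $needle) = @_; return index(lc $hay, lc $needle) >= 0 }

# Newest $count events whose message contains both $type and $search.
sub report {
    my ($lines, $count, $type, $search) = @_;
    my @hits = grep { contains($_->{message}, $type) && contains($_->{message}, $search) }
               map  { parse_line($_) } @$lines;
    my $start = @hits > $count ? @hits - $count : 0;
    @hits = reverse @hits[$start .. $#hits];    # assumption: file is oldest-first
    my $html = "<table border=\"1\">\n<tr><th>Date</th><th>Time</th><th>Level</th><th>Source</th><th>Message</th></tr>\n";
    for my $e (@hits) {
        my ($prio) = $e->{level} =~ /\.(\w+)\z/;    # "Auth.Alert" -> "Alert"
        my $bg = $colour{ $prio // '' } // '#ffffff';
        $html .= qq{<tr bgcolor="$bg">}
               . join('', map("<td>" . html_escape($e->{$_}) . "</td>", qw(date time level source message))) . "</tr>\n";
    }
    return $html . "</table>\n";
}
print report(\@sample, 2, '', '');    # two newest valid records, newest first
```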


The 1st script is HERE. Save and rename to syslog.pl
The 2nd script is HERE. Save and rename to syslogreport.pl


Other scripts I have available are HERE