echofish

log monitoring made easy!


Web Interface Screenshot of Syslog View

About

Echofish is a free, open source project that acts as a centralized syslog monitor. Written mostly in MySQL and PHP, it aims to be a lightweight solution for real-time log filtering, aggregation and monitoring.

Background:

Echofish is largely inspired by the excellent idea/paper of Marcus J. Ranum, "Artificial Ignorance", which describes a log filtering process whereby any log entries that aren't interesting are discarded. This process leaves behind only the irregular entries (anomalies, errors, malfunctions, configuration errors, etc.) that are worth inspecting.

Problem:

On a moderately busy network, sysadmins are swamped with syslog messages that don't require any sort of administrative attention (e.g. messages that are just the audit trail of normal operations). Due to the large daily volume of such messages, most organisations review logs only after trouble in operation is spotted (a deferred analysis), rather than proactively and in real time.

Our approach:

Echofish is a purpose-built solution for filtering and monitoring syslog activity. By whitelisting regular messages through the web UI, the administrator can instruct the log processing mechanism to raise alerts only for anomalies (irregular messages).

Echofish source code on github