Wednesday, November 11, 2009

Syslog

I have been looking around for a syslog server that is easy to set up and use, and recently tried a couple in a production environment with a handful of switches, WAPs, and a firewall. The two I installed on a Windows Server 2003 box were Kiwi and Splunk.

Kiwi had a simple install and you were off and running. Splunk had an easy install with some minor configuration, and then you were up and running.

Kiwi was nice because everything is color coded and easy to read, but I found that when I attempted to apply filters it would time out or crash the service altogether.

Splunk isn't as easy to read, but all of the information is there and it seems more robust. I can search on multiple items and the results are returned fairly quickly.

I think for light logging Kiwi is good because all of the data is right there on the main pane, but for heavy logging with a lot of querying I think I'd go with Splunk.
