We have a situation where we have been asked to capture specific "authentication" information from a syslog. I know that Zenoss can be a syslog collector, so I am wondering if there are any good articles or tutorials on how to properly collect syslog info, but more importantly, what I'd like to do is organize it such that it comes in on its own event category that I can create, such as "syslog authentication". Then I can create reports, etc. based on the information it is collecting.
I have looked around for Zenoss Syslog tutorials but haven't found a good one as of yet, and I'm not sure how to take in a syslog message and organize it so it's separated in its own event class.
Thanks for any advice and help!