Log analysis server suggestions?

Ashley Moran ashley.moran at codeweavers.net
Thu Feb 16 06:20:09 PST 2006


Until recently I had a server running syslog-ng set to archive all logs into 
server/year/month/day/ directories.  Now that the server is running in amd64, 
we've lost our hi-res scrolling display, so I want to look at a better log 
watching system.

I've read about logging to a database.  I quite like the idea of storing our 
logs in PostgreSQL (I don't like MySQL and don't want to get involved in 
administering a second database).  I know I can log to a PG database quite 
easily, but I don't know how I can get the data back out without writing 
manual queries.

Here is what I need:

- Logs stored for the last 6 months or so, and easily searchable
- Live log watching
- Log analysis

I might try swatch for the live log watching as this is not affected by the 
choice of log storage and seems the best tool for the job.

As for searching / analysis, I've seen php-syslog-ng 
( http://www.vermeer.org/projects/php-syslog-ng ), which looks very basic, 
and phpLogCon ( http://www.phplogcon.com/ ), which does not support PG 
anyway.  Is there anything better GUI-wise?

Maybe I am best keeping the logs in text files for now, and spending more time 
on swatch.

Any thoughts?

Cheers
Ashley


More information about the freebsd-questions mailing list