Log analysis server suggestions?
Kurt Buff
kurt.buff at gmail.com
Thu Feb 16 09:32:43 PST 2006
Ashley Moran wrote:
> Until recently I had a server running syslog-ng set to archive all logs into
> server/year/month/day/ directories. Now the server is running in amd64,
> we've lost our hi-res scrolling display so I want to look at a better log
> watching system.
>
> I've read about logging to a database. I quite like the idea of storing our
> logs in PostgreSQL (I don't like MySQL and don't want to get involved in
> administering a second database). I know I can log to a PG database quite
> easily, but I don't know how I can get the data back out without writing
> manual queries.
>
> Here is what I need:
>
> - Logs stored for the last 6 months or so, and easily searchable
> - Live log watching
> - Log analysis
>
> I might try swatch for the live log watching as this is not affected by the
> choice of log storage and seems the best tool for the job.
>
> As for searching / analysis, I've seen php-syslog-ng
> ( http://www.vermeer.org/projects/php-syslog-ng ), which looks very basic,
> and phpLogCon ( http://www.phplogcon.com/ ), which does not support PG
> anyway. Is there anything better GUI-wise?
>
> Maybe I am best keeping the logs in text files for now, and spending more time
> on swatch.
>
> Any thoughts?
>
> Cheers
> Ashley
http://www.loganalysis.org, and the related listserv might be well worth
your time...
More information about the freebsd-questions
mailing list