Log analysis server suggestions?
work at ashleymoran.me.uk
Mon Feb 20 08:20:35 PST 2006
On Thursday 16 February 2006 15:07, Nathan Vidican wrote:
>I would advise against trying to log everything into SQL records, aside
> from the performance hit on translating log/write outputs to SQL
> inserts/queries then having the SQL server write to disk anyway, it just
> complicates things uneccessarily.
You are probably right. I was thinking that it would be easier to search
through in a database, but then, most of the issues we are interested in (eg
disk failure) we want to know about *now*, rather than the sort of thing that
are revealed by historical analysis.
> My advice would be to take a step back and look at what's important to you.
> I find it's best to
> work with a mixture of things and hack your own scripts to fill in the
Having looked at some logs, most of the stuff we are interested in probably is
specific to our setup. Log formats are so loose I doubt any off-the-shelf
log analysis tool would be much good unless it was 10x more complex than most
of the software we want to log anyway.
It's surprised me how much time and effort it takes to turn logs into useful
data. And I wonder how Windows admins get by at all?
Thanks for the advice
More information about the freebsd-questions