From: Ashley Moran
Organization: Codeweavers Ltd
To: freebsd-questions@freebsd.org
Date: Thu, 16 Feb 2006 14:18:32 +0000
Message-Id: <200602161418.32982.ashley.moran@codeweavers.net>
Subject: Log analysis server suggestions?

Until recently I had a server running syslog-ng set to archive all logs into server/year/month/day/ directories. Now the server is running in amd64, we've lost our hi-res scrolling display so I want to look at a better log watching system.

I've read about logging to a database. I quite like the idea of storing our logs in PostgreSQL (I don't like MySQL and don't want to get involved in administering a second database). I know I can log to a PG database quite easily, but I don't know how I can get the data back out without writing manual queries.

Here is what I need:

- Logs stored for the last 6 months or so, and easily searchable
- Live log watching
- Log analysis

I might try swatch for the live log watching as this is not affected by the choice of log storage and seems the best tool for the job.

As for searching / analysis, I've seen php-syslog-ng ( http://www.vermeer.org/projects/php-syslog-ng ), which looks very basic, and phpLogCon ( http://www.phplogcon.com/ ), which does not support PG anyway. Is there anything better GUI-wise?

Maybe I am best keeping the logs in text files for now, and spending more time on swatch.

Any thoughts?

Cheers
Ashley