From: Kurt Buff
Date: Thu, 16 Feb 2006 08:44:11 -0800
To: Ashley Moran
Cc: freebsd-questions@freebsd.org
Subject: Re: Log analysis server suggestions?
Message-ID: <43F4ABDB.7090009@gmail.com>
In-Reply-To: <200602161418.32982.ashley.moran@codeweavers.net>
Reply-To: kurt.buff@gmail.com
List-Id: User questions

Ashley Moran wrote:
> Until recently I had a server running syslog-ng set to archive all logs into
> server/year/month/day/ directories. Now the server is running in amd64,
> we've lost our hi-res scrolling display so I want to look at a better log
> watching system.
>
> I've read about logging to a database. I quite like the idea of storing our
> logs in PostgreSQL (I don't like MySQL and don't want to get involved in
> administering a second database). I know I can log to a PG database quite
> easily, but I don't know how I can get the data back out without writing
> manual queries.
>
> Here is what I need:
>
> - Logs stored for the last 6 months or so, and easily searchable
> - Live log watching
> - Log analysis
>
> I might try swatch for the live log watching as this is not affected by the
> choice of log storage and seems the best tool for the job.
>
> As for searching / analysis, I've seen php-syslog-ng
> ( http://www.vermeer.org/projects/php-syslog-ng ), which looks very basic,
> and phpLogCon ( http://www.phplogcon.com/ ), which does not support PG
> anyway. Is there anything better GUI-wise?
>
> Maybe I am best keeping the logs in text files for now, and spending more time
> on swatch.
>
> Any thoughts?
>
> Cheers
> Ashley

http://www.loganalysis.org, and the related listserv might be well worth
your time...