From: Ashley Moran
Organization: Codeweavers Ltd
To: freebsd-questions@freebsd.org
Cc: Nathan Vidican
Date: Mon, 20 Feb 2006 16:19:07 +0000
Subject: Re: Log analysis server suggestions?
Message-Id: <200602201619.08235.work@ashleymoran.me.uk>
In-Reply-To: <43F4951E.5090203@wmptl.com>
References: <200602161418.32982.ashley.moran@codeweavers.net> <43F4951E.5090203@wmptl.com>

On Thursday 16 February 2006 15:07, Nathan Vidican wrote:
> I would advise against trying to log everything into SQL records, aside
> from the performance hit on translating log/write outputs to SQL
> inserts/queries then having the SQL server write to disk anyway, it just
> complicates things unnecessarily.

You are probably right. I was thinking that it would be easier to search through in a database, but then, most of the issues we are interested in (e.g. disk failure) we want to know about *now*, rather than the sort of things that are revealed by historical analysis.

> My advice would be to take a step back and look at what's important to you.
> I find it's best to
> work with a mixture of things and hack your own scripts to fill in the
> gaps.

Having looked at some logs, most of the stuff we are interested in probably is specific to our setup. Log formats are so loose I doubt any off-the-shelf log analysis tool would be much good unless it was 10x more complex than most of the software we want to log anyway.

It's surprised me how much time and effort it takes to turn logs into useful data. And I wonder how Windows admins get by at all?

Thanks for the advice

Ashley