Date: Thu, 16 Feb 2006 14:18:32 +0000
From: Ashley Moran <ashley.moran@codeweavers.net>
To: freebsd-questions@freebsd.org
Subject: Log analysis server suggestions?
Message-ID: <200602161418.32982.ashley.moran@codeweavers.net>

Until recently I had a server running syslog-ng set to archive all logs into server/year/month/day/ directories. Now the server is running in amd64, we've lost our hi-res scrolling display so I want to look at a better log watching system.

I've read about logging to a database. I quite like the idea of storing our logs in PostgreSQL (I don't like MySQL and don't want to get involved in administering a second database). I know I can log to a PG database quite easily, but I don't know how I can get the data back out without writing manual queries.

Here is what I need:

- Logs stored for the last 6 months or so, and easily searchable
- Live log watching
- Log analysis

I might try swatch for the live log watching as this is not affected by the choice of log storage and seems the best tool for the job.

As for searching / analysis, I've seen php-syslog-ng ( http://www.vermeer.org/projects/php-syslog-ng ), which looks very basic, and phpLogCon ( http://www.phplogcon.com/ ), which does not support PG anyway. Is there anything better GUI-wise?

Maybe I am best keeping the logs in text files for now, and spending more time on swatch.

Any thoughts?

Cheers
Ashley