If you are splitting all logs up into subdirs like that you will have quite a fun time doing any parsing. I use php-syslog-ng, which is piped from mysql and set up as follows in the conf:

source s_tcp { tcp(); };
source s_udp { udp(); };
source s_local { unix-stream("/dev/log"); internal(); };

destination d_mysql {
    pipe("/var/log/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
        template-escape(yes));
};

log { source(s_tcp); destination(d_mysql); };
log { source(s_udp); destination(d_mysql); };

I have filters and other log facilities set up, but this is the basic layout; the docs on the php-syslog-ng site are very simple to follow. I was going to try Splunk, but many of the times I find that I'm in the shell doing my reports and searches against the log file.

On May 11, 2006, at 8:51 AM, Arya, Manish Kumar wrote:
Hi Guys,
I am storing logs on a central server having 3T SAN, using the following template:

destination indexlog {
    file("/logs/log01/indexlog/$YEAR/$MONTH/$DAY/$HOST"
        template("$HOUR:$MIN:$SEC,$PROGRAM,$FACILITY,$PRIORITY,$MSGONLY\n")
        template-escape(yes) owner(root) group(root) perm(0644) dir_perm(0755) create_dirs(yes));
};
my logging is done perfectly :)
like /logs/log01/indexlog/2006/05/11/hostnames
I want to have a GUI to view logs with following facilities
-search logs on the basis of date/time, text patterns in messages, hostnames.
-should provide facility to have filters associated with user authentication/authorization.
-should be able to do parallel search to improve search response time.
Regards, -Manish
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
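The date, hostname and text-pattern search asked for above, run over the $YEAR/$MONTH/$DAY/$HOST layout and the comma-separated line template from the indexlog destination. This is an added example, not code from either message; the function names, the worker count and the sample log lines (constructed) are assumptions.

```python
import re
from concurrent.futures import ThreadPoolExecutor
from datetime import timedelta
from pathlib import Path

# Constructed sample lines in the thread's template format:
# $HOUR:$MIN:$SEC,$PROGRAM,$FACILITY,$PRIORITY,$MSGONLY
SAMPLE = {
    "2006/05/10/web01": ["23:59:58,sshd,auth,info,Accepted publickey for deploy\n"],
    "2006/05/11/web01": ["08:51:02,sshd,auth,info,Failed password for root from 192.0.2.7, port 4022\n",
                         "08:51:09,cron,cron,info,job finished\n"],
    "2006/05/11/db01": ["08:52:00,sshd,auth,info,Failed password for admin from 192.0.2.7\n"],
}

def write_sample(root):
    """Lay the constructed lines out as root/$YEAR/$MONTH/$DAY/$HOST."""
    for rel, lines in SAMPLE.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("".join(lines))

def candidate_files(root, start, end, host=None):
    """Date and host live in the path, so narrow the file set before reading."""
    day = start
    while day <= end:
        day_dir = Path(root, f"{day:%Y/%m/%d}")
        if day_dir.is_dir():
            for f in sorted(day_dir.iterdir()):
                if host is None or f.name == host:
                    yield day, f
        day += timedelta(days=1)

def scan_file(day, path, regex):
    hits = []
    with open(path, errors="replace") as fh:
        for line in fh:
            # Only the first 4 commas are separators; $MSGONLY may contain commas.
            parts = line.rstrip("\n").split(",", 4)
            if len(parts) == 5 and regex.search(parts[4]):
                hits.append((day.isoformat(), path.name, *parts))
    return hits

def search(root, start, end, host=None, pattern=""):
    """Return (date, host, time, program, facility, priority, msg) tuples."""
    regex = re.compile(pattern)
    files = list(candidate_files(root, start, end, host))
    with ThreadPoolExecutor(max_workers=8) as pool:  # overlap per-file reads
        results = pool.map(lambda df: scan_file(df[0], df[1], regex), files)
    return [hit for hits in results for hit in hits]
```

Because the destination sets template-escape(yes), quote characters in messages are stored backslash-escaped in these files, so a pattern that contains a quote has to match the escaped form.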