Mike Tremaine wrote:
Hari Sekhon wrote:
I'm also interested in something like this.
The other alternative is to have a second destination which is text based. You can then use an analyzer on this. Unfortunately, when I tried this using logwatch on the text files, logwatch was so inefficient that it took more than a day to analyze one day's logs (single file around 11MB)!
What kind of processor/mem specs do you have? 11MB is not that bad. I have maillogs that get run against logwatch every day much bigger than that.
Before this goes somewhere else entirely, the OP asked
logs stored in MySQL.
and I'd be very interested in that myself, as I (as does, I suspect, the OP) have syslog-ng in a central host that accepts remote hosts' logs, and shoves them all into a MySQL database.