Hey Lance, I'll have you know the new version of LogZilla can process 20k messages per second :-) Which isn't syslog-ng good, but pretty good nonetheless ;-) ______________________________________________________________ Clayton Dukes ______________________________________________________________ On Thu, Jun 24, 2010 at 3:34 PM, Lance Laursen <lance@demonware.net> wrote:
On Wed, Jun 23, 2010 at 11:34 PM, Hendrik Pahl <pahl@team-datentechnik.de> wrote:
Hi,
...
That said, it does not soundlike you need to use it for what you're trying to do.
Okay, i already had the feeling patterndb was not the one really giving me a solution. I simply need something to bring down the relevant loglines, since 1.5M lines/month in a logfile/different logfiles are simply much to much to monitor/read.
Grepping after "error" or "warning" or "failure" is just one approach, but never will be the only one, since this might kick out things i wanna definitely see.
currently i'm looking at logfiles and size down the amount of lines by piping the cat output into sed, which kicks out the informational and overhead lines. this ia an iterative apporach, since i refine the sed expression time to time.
How are others managing this issue?
Also, aside from the essay I just wrote :), take a look at http://crunchtools.com/software/petit/ . It should be very useful for any manual log parsing.
-- Lance Laursen Demonware Systems Engineer
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html