Looking for syslog log analyzer
Hello,

I use syslog-ng 2.0.2 with MySQL. I'm looking for an analyzer program for my system. I've searched through the syslog-ng maillist archives and Google and found no app that analyzes logs stored in MySQL.

-- Greetz Daniel
I'm also interested in something like this.

The other alternative is to have a second destination which is text-based. You can then use an analyzer on this. Unfortunately, when I tried this using logwatch on the text files, logwatch was so inefficient that it took more than a day to analyze one day's logs (a single file of around 11MB)!

If anybody else has any ideas I'd also like to hear them...

-h
Hari Sekhon

Daniel Chojecki wrote:
Hello,
I use syslog-ng 2.0.2 with MySQL.
I'm looking for an analyzer program for my system.
I've searched through the syslog-ng maillist archives and Google and found no app that analyzes logs stored in MySQL.
-- Greetz Daniel
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Hi there.

You can use http://www.phpwizardry.com/php-syslog-ng.php

Regards,
Bruno.

On 3/7/07, Hari Sekhon <hpsekhon@googlemail.com> wrote:
I'm also interested in something like this.
The other alternative is to have a second destination which is text-based. You can then use an analyzer on this. Unfortunately, when I tried this using logwatch on the text files, logwatch was so inefficient that it took more than a day to analyze one day's logs (a single file of around 11MB)!
If anybody else has any ideas I'd also like to hear them...
-h
Hari Sekhon
Sorry, I forgot to mention in my email that I already use that. I was actually referring to a log analyzer app that would generate reports to sum up activity over a given period. Logwatch would have been good but it just couldn't seem to handle the massive size (11MB) of the logfile for one day. It took more than 24 hours to analyze it! Eventually I just had to ctrl-c it.

-h
Hari Sekhon

Bruno Vieira wrote:
Hi there.
You can use http://www.phpwizardry.com/php-syslog-ng.php
Regards, Bruno.
Hari Sekhon wrote:
I'm also interested in something like this.
The other alternative is to have a second destination which is text-based. You can then use an analyzer on this. Unfortunately, when I tried this using logwatch on the text files, logwatch was so inefficient that it took more than a day to analyze one day's logs (a single file of around 11MB)!
What kind of processor/mem specs do you have? 11MB is not that bad; I have maillogs that get run against logwatch every day that are much bigger than that.

[mgt@bell ~]$ du -sh /var/log/maillog
295M /var/log/maillog

Last night's Logwatch took 3 mins to run. [Dual Xeon 2.4ghz, 2.5gb of RAM]

I have a feeling this is going to stray off topic but... It is possible to use a "wrapper" script for logwatch against the database. [I know because I have one] The concept is that you want to query the database for the time range and facility and save the query result to a text file that you then use when running logwatch.

Example:

select date,time,host,msg from current where host = "sirius" and facility = "mail" and date = FROM_DAYS( TO_DAYS(curdate()) - 1)

Gets the mail logs for my host Sirius from yesterday. Save that off in /tmp as maillog. Do all the facilities that you need and then run logwatch against that directory using the --logdir switch.

If you need more help I think you should bring this to the logwatch users list.

Good Luck.
-Mike
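A wrapper of the kind Mike describes, written here as an added example (not code from the thread, logwatch or syslog-ng): it pulls one facility for one host and day out of the `current` table into a file logwatch can read with `--logdir`. It assumes a `facility` column alongside the `date, time, host, msg` columns of Mike's query, a DB-API driver such as MySQLdb, and the connection credentials shown; host and facility are validated and bound as parameters rather than pasted into the SQL, so a hostname that arrived from a remote log source cannot change the query.

```python
import datetime
import os
import re

# Only plain hostnames / facility names are accepted before they reach the query,
# so a value copied from an untrusted log source cannot alter the SQL.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]+$")

def build_query(paramstyle="format"):
    """Parameterised form of the query from the thread. Placeholders are bound by
    the driver ('%s' for MySQLdb, '?' for sqlite3) instead of being pasted in."""
    ph = "%s" if paramstyle == "format" else "?"
    return ("SELECT date, time, host, msg FROM current "
            "WHERE host = {0} AND facility = {0} AND date = {0} "
            "ORDER BY time").format(ph)

def yesterday(today=None):
    """ISO date of the previous day; computed in Python instead of
    FROM_DAYS(TO_DAYS(curdate()) - 1) so the query stays portable between drivers."""
    today = today or datetime.date.today()
    return (today - datetime.timedelta(days=1)).isoformat()

def to_syslog_line(date, time, host, msg):
    """Render a row as 'Mon DD HH:MM:SS host msg', the layout logwatch parsers expect."""
    day = datetime.date.fromisoformat(str(date))
    return "%s %2d %s %s %s" % (day.strftime("%b"), day.day, time, host, msg)

def export_facility(conn, host, facility, day, outdir, paramstyle="format"):
    """Write one host's logs for one facility and day to <outdir>/<facility>log
    (e.g. maillog, the filename used in the thread). Returns (path, rows written)."""
    if not (SAFE_NAME.match(host) and SAFE_NAME.match(facility)):
        raise ValueError("refusing host/facility name with unexpected characters")
    cur = conn.cursor()
    cur.execute(build_query(paramstyle), (host, facility, day))
    path = os.path.join(outdir, facility + "log")
    count = 0
    with open(path, "w") as fh:
        for date, time, h, msg in cur:
            fh.write(to_syslog_line(date, time, h, msg) + "\n")
            count += 1
    return path, count

if __name__ == "__main__":
    # Real use with MySQLdb (assumed credentials/db name), then: logwatch --logdir /tmp/syslog-export
    import MySQLdb
    conn = MySQLdb.connect(host="localhost", user="syslog", passwd="secret", db="syslog")
    os.makedirs("/tmp/syslog-export", exist_ok=True)
    for fac in ("mail", "auth", "cron"):
        print(export_facility(conn, "sirius", fac, yesterday(), "/tmp/syslog-export"))
```

The exported filenames must still match the logfile groups logwatch knows (maillog, secure, messages, ...), so map facilities to those names where the `facility + "log"` convention does not line up.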
Mike Tremaine wrote:
Hari Sekhon wrote:
I'm also interested in something like this.
The other alternative is to have a second destination which is text-based. You can then use an analyzer on this. Unfortunately, when I tried this using logwatch on the text files, logwatch was so inefficient that it took more than a day to analyze one day's logs (a single file of around 11MB)!
What kind of processor/mem specs do you have? 11MB is not that bad; I have maillogs that get run against logwatch every day that are much bigger than that.

Before this goes somewhere else entirely, the OP asked

logs stored in MySQL.

and I'd be very interested in that myself, as I (as, I suspect, does the OP) have syslog-ng on a central host that accepts remote hosts' logs and shoves them all into a MySQL database.
participants (5)
- Bruno Vieira
- Daniel Chojecki
- Hari Sekhon
- Mike Tremaine
- Rob Munsch