RE: [syslog-ng] suggestions for a web frontend to syslog data
We're using Splunk (http://www.splunk.com) as a visual front-end to our syslog data.
Wow, compared to php-syslog this seems like Ferrari and Fiat. Are you still happy with it? I played around in their demo site and am really amazed by it. Florian
Yeah it's very very nice. It's still kinda buggy since it's a very new piece of software, but the support folks are fantastic and they're actively working to make things better. The licenses are a bit expensive, though.
Paul Krizak 5900 E. Ben White Blvd. MS 625 Advanced Micro Devices Austin, TX 78741 Linux/Unix Systems Engineering Phone: (512) 602-8775 Microprocessor Solutions Sector Cell: (512) 791-0686
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
I tried splunk too, but had major time issues with it importing my data. I have 5+ GB of syslogs a day. It's wonderful for the data that's in there and being able to search on it. I just need a better way to get it into the database more efficiently. Thoughts? Chris
We're doing ~1.5GB/day with absolutely no performance problems at all. In fact the CPUs are around 80-90% idle when processing this amount of log data. I'm using a FIFO to direct the log data into splunk. I found that the tailing processor and the directory monitor were both much slower than the FIFO at handling steady streams of log data.
Paul Krizak 5900 E. Ben White Blvd. MS 625 Advanced Micro Devices Austin, TX 78741 Linux/Unix Systems Engineering Phone: (512) 602-8775 Microprocessor Solutions Sector
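The FIFO handoff Paul Krizak describes above, sketched from the syslog-ng side as an added example; it is not configuration posted in the thread. The FIFO path, the `splunk` group, the archive path and the queue size are assumptions, and the Splunk input that reads the FIFO is not shown.

```conf
# Added example: names, paths and sizes are assumptions, not from the thread.
# Create the FIFO ahead of time so its ownership and mode are deliberate:
#   mkfifo -m 0640 /var/spool/splunk/syslog.fifo
#   chown root:splunk /var/spool/splunk/syslog.fifo

source s_local {
    unix-stream("/dev/log");
    internal();
};

# log_fifo_size() is the number of messages syslog-ng queues for this
# destination while the reader is slow or stopped. Once the queue is
# full, further messages for this destination are dropped.
destination d_splunk_fifo {
    pipe("/var/spool/splunk/syslog.fifo"
         owner("root") group("splunk") perm(0640)
         log_fifo_size(10000)
    );
};

# Plain file copy, so a stalled FIFO reader does not mean lost logs
# and dropped spans can be re-imported later.
destination d_archive {
    file("/var/log/archive/$HOST/$YEAR$MONTH$DAY.log" create_dirs(yes));
};

log {
    source(s_local);
    destination(d_splunk_fifo);
    destination(d_archive);
};
```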
I'm sorry, I have to say something here - other than a personal dislike of the 'free neuterware, expensive opaque app' approach, one has to wonder about the data limit basis of the licensing. You pay, according to their site, $5k to get <= 2gigs of indexing... and what happens the day your data exceeds this? No matter how fast you cheerfully cough up *more* cash to hastily upgrade your license, what happens to the overflow..? We're rearranging quite a bit here atm, adding a few projects, rededicating machines to different priorities, etc. So going from 'comfortably below' the limit to 'annoyingly above' within the space of a week (or two days, or an hour and half...) is very real to me. (just consider there to be a long rant somewhere in here along the lines of 'free software!' and paying good money to betatest other people's copywrit software, and it'll save us both the trouble ,-) ).
-- Rob Munsch Solutions For Progress IT
participants (4)
- Heigl Florian - Munich-MR - external
- Paul Krizak
- Rob Munsch
- sawall