RE: [syslog-ng] syslog-ng GUI
Uh, ok... So can someone dumb those PDFs down so that someone with only a 150 IQ can understand them? Geeze man.

I'm working on a development version of php-syslog-ng that does (I think) what sisyphus is referring to. Essentially, group multiple, repeated tokens into the DB, thereby decreasing large amounts of data. When a token gets repeated, simply update a count field using "ON DUPLICATE KEY UPDATE count = count + 1" (available in MySQL v4.1+).

I just need the time to re-write the tables. I've already done it with the hosts table: I created a new table called hosts and just update the count field, then reference that host using a foreign key in the logs table.

-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Jon Stearley
Sent: Thursday, May 11, 2006 10:50 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] syslog-ng GUI

On May 11, 2006, at 6:51 AM, Arya, Manish Kumar wrote:
> Hi Guys,
>
> I am storing logs on a central server having 3T SAN, using the following
> template
>
> destination indexlog {
>     file("/logs/log01/indexlog/$YEAR/$MONTH/$DAY/$HOST"
>         template("$HOUR:$MIN:$SEC,$PROGRAM,$FACILITY,$PRIORITY,$MSGONLY\n")
>         template-escape(yes) owner(root) group(root) perm(0644)
>         dir_perm(0755) create_dirs(yes));
> };
>
> my logging is done perfectly :)
> like /logs/log01/indexlog/2006/05/11/hostnames
>
> I want to have a GUI to view logs with the following facilities
> - search logs on the basis of date/time, text patterns in messages, hostnames.

http://www.cs.sandia.gov/sisyphus/ mines patterns, but does not have a production GUI (yet). It is more of a research tool at this point, but I would be happy to help you give it a try. Recent emphasis has been on the functionality described in .../detection.pdf.

Please let me know if interested, like I said I'd be happy to help, and am in fact looking for additional datasets to analyze; I find my approach to be effective for supercomputer logs, but have not yet explored its effectiveness for other log sets (eg enterprise).

I've been waiting to implement a production GUI until I am confident that the underlying functionality is general and excellent. My current leaning is towards adding sisyphus functionality to splunk's interface (and have contacted splunk about this).

G'day!

--
+--------------------------------------------------------------+
| Jon Stearley                  (505) 845-7571  (FAX 844-9297) |
| Sandia National Laboratories  Scalable Systems Integration   |
+--------------------------------------------------------------+

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

Participants (1): Dukes Clayton
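
The host-counting scheme described in the top message, sketched for MySQL as an added example (it is not code from the post or from php-syslog-ng). The column names, index names, sample host and sample message are assumptions; only the `hosts` and `logs` table names, the `count` field and the `ON DUPLICATE KEY UPDATE` clause come from the thread.

```sql
-- Added example. Column layouts are assumptions, not php-syslog-ng's schema.
CREATE TABLE hosts (
    id    INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    host  VARCHAR(128) NOT NULL,
    count BIGINT UNSIGNED NOT NULL DEFAULT 1,
    UNIQUE KEY uq_host (host)   -- without a unique key nothing is ever a "duplicate"
) ENGINE=InnoDB;

CREATE TABLE logs (
    id       BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    host_id  INT UNSIGNED NOT NULL,
    logged   DATETIME NOT NULL,
    program  VARCHAR(64),
    facility VARCHAR(16),
    priority VARCHAR(16),
    msg      TEXT,
    KEY idx_host_time (host_id, logged),
    CONSTRAINT fk_logs_host FOREIGN KEY (host_id) REFERENCES hosts (id)
) ENGINE=InnoDB;

-- First sighting of a host inserts a row with count = 1; every later
-- sighting only increments the counter. Assigning id = LAST_INSERT_ID(id)
-- makes LAST_INSERT_ID() return the existing row's id on the update path
-- too, so the caller never needs a separate SELECT to find the key.
INSERT INTO hosts (host) VALUES ('web01.example.com')   -- constructed sample
ON DUPLICATE KEY UPDATE id = LAST_INSERT_ID(id), count = count + 1;

-- Store the message itself, pointing at the host row by foreign key.
INSERT INTO logs (host_id, logged, program, facility, priority, msg)
VALUES (LAST_INSERT_ID(), '2006-05-11 10:50:00', 'sshd', 'auth', 'info',
        'constructed sample message');

-- The search asked for in the quoted message: host, date range, text pattern.
-- In a web front end these three values arrive from the user, so bind them
-- as prepared-statement parameters instead of concatenating them into SQL.
SELECT l.logged, l.program, l.priority, l.msg
FROM logs AS l
JOIN hosts AS h ON h.id = l.host_id
WHERE h.host = 'web01.example.com'
  AND l.logged >= '2006-05-11 00:00:00'
  AND l.logged <  '2006-05-12 00:00:00'
  AND l.msg LIKE '%sample%';
```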