[syslog-ng] suggestions for a web frontend to syslog data
Rob Munsch
rmunsch at solutionsforprogress.com
Fri Apr 7 21:55:47 CEST 2006
I'm sorry, i have to say something here -
other than a personal dislike of the 'free neuterware, expensive opaque
app' approach, one has to wonder about the data limit basis of the
licensing. You pay, according to their site, $5k to get <= 2gigs of
indexing... and what happens the day your data exceeds this? No matter
how fast you cheerfully cough up *more* cash to hastily upgrade your
license, what happens to the overflow..?
We're rearranging quite a bit here atm, adding a few projects,
rededicating machines to different priorities, etc. So going from
'comfortably below' the limit to 'annoyingly above' within the space of
a week (or two days, or an hour and half...) is very real to me.
(just consider there to be a long rant somewhere in here along the lines
of 'free software!' and paying good money to betatest other people's
copywrit software, and it'll save us both the trouble ,-) ).
Paul Krizak wrote:
> We're doing ~1.5GB/day with absolutely no performance problems at all.
> In fact the CPUs are around 80-90% idle when processing this amount of
> log data. I'm using a FIFO to to direct the log data into splunk. I
> found that the tailing processor and the directory monitor were both
> much slower than the FIFO at handling steady streams of log data.
>
> Paul Krizak 5900 E. Ben White Blvd. MS 625
> Advanced Micro Devices Austin, TX 78741
> Linux/Unix Systems Engineering Phone: (512) 602-8775
> Microprocessor Solutions Sector
>
>
> sawall wrote:
>
>> I tried splunk too, but had major time issues with it importing my
>> data. I have 5+ GB of syslogs a day.
>>
>> It's wonderful for the data that's in there and being able to search
>> on it. I just need a better way to get it into the database more
>> efficiently.
>>
>> Thoughts?
>>
>> Chris
>>
>>
>> On 4/7/06, *Paul Krizak* <paul.krizak at amd.com
>> <mailto:paul.krizak at amd.com>> wrote:
>>
>> Yeah it's very very nice. It's still kinda buggy since it's a
>> very new
>> piece of software, but the support folks are fantastic and they're
>> actively working to make things better.
>>
>> The licenses are a bit expensive, though.
>>
>> Paul Krizak 5900 E. Ben White Blvd. MS 625
>> Advanced Micro Devices Austin, TX 78741
>> Linux/Unix Systems Engineering Phone: (512) 602-8775
>> Microprocessor Solutions Sector Cell: (512) 791-0686
>>
>>
>> Heigl Florian - Munich-MR - external wrote:
>> >> We're using Splunk ( http://www.splunk.com) as a visual
>> >> front-end to our
>> >> syslog data.
>> >
>> > Wow, compared to php-syslog this seems like ferrari and fiat.
>> > Are You still happy with it? I played around in their demo
>> > site and am really amazed by it.
>> >
>> > Florian
>> > _______________________________________________
>> > syslog-ng maillist - syslog-ng at lists.balabit.hu
>> <mailto:syslog-ng at lists.balabit.hu>
>> > https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> > Frequently asked questions at
>> http://www.campin.net/syslog-ng/faq.html
>> <http://www.campin.net/syslog-ng/faq.html>
>> >
>> >
>>
>> _______________________________________________
>> syslog-ng maillist - syslog-ng at lists.balabit.hu
>> <mailto:syslog-ng at lists.balabit.hu>
>> https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Frequently asked questions at
>> http://www.campin.net/syslog-ng/faq.html
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> syslog-ng maillist - syslog-ng at lists.balabit.hu
>> https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>>
>
> _______________________________________________
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
--
Rob Munsch
Solutions For Progress IT
More information about the syslog-ng
mailing list