[syslog-ng] syslog-ng GUI

Dukes Clayton Clayton.Dukes at HCAhealthcare.com
Thu May 11 18:09:32 CEST 2006


Uh, ok...
So can someone dumb those PDFs down so that someone with only a 150 IQ
can understand them? Geeze man.
I'm working on a development version of php-syslog-ng that does (I
think) what sisyphus is referring to.

Essentially, group multiple, repeated tokens into the DB thereby
decreasing large amounts of data. When a token gets repeated, simply
update a count field using "ON DUPLICATE KEY UPDATE count = count + 1"
(available in MySQL v4.1+)

I just need the time to re-write the tables.
I've already done it with the hosts table:
I created a new table called hosts and just update the count field, then
reference that host using a foreign key in the logs table.
 

-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Jon Stearley
Sent: Thursday, May 11, 2006 10:50 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] syslog-ng GUI


On May 11, 2006, at 6:51 AM, Arya, Manish Kumar wrote:

> Hi Guys,
>
>    I am storing logs on a central server having 3T SAN, using following

> template
>
> destination indexlog {
>
> file("/logs/log01/indexlog/$YEAR/$MONTH/$DAY/$HOST"
>
> template("$HOUR:$MIN:$SEC,$PROGRAM,$FACILITY,$PRIORITY,$MSGONLY\n")
>         template-escape(yes)
>         owner(root) group(root) perm(0644)
> dir_perm(0755) create_dirs(yes));
> };
>
> my logging is done perfectly :)
>
> like /logs/log01/indexlog/2006/05/11/hostnames
>
> I want to have a GUI to view logs with following facilities
>
> -search logs on basis on date/time, text patterns in 
> messages,hostnames.

http://www.cs.sandia.gov/sisyphus/ mines patterns, but does not have a
production GUI (yet).  It is more of a research tool at this point, but
I would be happy to help you give it a try.  Recent emphasis has been on
the functionality described in .../detection.pdf.  Please let me know if
interested, like I said I'd be happy to help, and am in fact looking for
additional datasets to analyze; I find my approach to be effective for
supercomputer logs, but have not yet explored its effectiveness for
other log sets (eg enterprise).  I've been waiting to implement a
production GUI until I am confident that the underlying functionality is
general and excellent.  My current leaning is towards adding sisyphus
functionality to splunk's interface (and have contacted splunk about
this).

G'day!

-- 
+--------------------------------------------------------------+
| Jon Stearley                  (505) 845-7571  (FAX 844-9297) |
| Sandia National Laboratories  Scalable Systems Integration   |
+--------------------------------------------------------------+



_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
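The hosts-table scheme Clayton describes above (one row per host, a count that is bumped with ON DUPLICATE KEY UPDATE, and a foreign key from the logs table), written out as an added example. This is not code from php-syslog-ng or from anyone in the thread; the table and column names, the two constructed sshd log lines and the date values are assumptions chosen for illustration. It assumes MySQL 4.1 or later with InnoDB so that the foreign key is enforced.

```sql
-- Added example, not php-syslog-ng's own schema. Names are assumptions.
-- Requires MySQL 4.1+ (ON DUPLICATE KEY UPDATE) and InnoDB (foreign keys).

CREATE TABLE hosts (
  id       INT UNSIGNED NOT NULL AUTO_INCREMENT,
  hostname VARCHAR(255) NOT NULL,
  count    INT UNSIGNED NOT NULL DEFAULT 0,
  PRIMARY KEY (id),
  UNIQUE KEY uniq_hostname (hostname)   -- the "duplicate key" the upsert relies on
) ENGINE=InnoDB;

CREATE TABLE logs (
  id       INT UNSIGNED NOT NULL AUTO_INCREMENT,
  host_id  INT UNSIGNED NOT NULL,        -- references hosts.id instead of repeating the name
  logtime  DATETIME NOT NULL,
  program  VARCHAR(64),
  facility VARCHAR(16),
  priority VARCHAR(16),
  msg      TEXT,
  PRIMARY KEY (id),
  KEY idx_host_time (host_id, logtime),  -- supports the host + date/time search a GUI runs
  FOREIGN KEY (host_id) REFERENCES hosts (id)
) ENGINE=InnoDB;

-- Per incoming line: create the host row on first sight, otherwise bump its counter.
-- Assigning id = LAST_INSERT_ID(id) makes LAST_INSERT_ID() return the existing row's
-- id on the UPDATE path as well as the INSERT path, so the logs insert can use it.
INSERT INTO hosts (hostname, count)
VALUES ('web01.example.net', 1)
ON DUPLICATE KEY UPDATE count = count + 1, id = LAST_INSERT_ID(id);

INSERT INTO logs (host_id, logtime, program, facility, priority, msg)
VALUES (LAST_INSERT_ID(), '2006-05-11 10:50:00', 'sshd', 'auth', 'info',
        'Accepted publickey for root from 10.0.0.5 port 52211 ssh2');   -- constructed line

-- A second constructed line from the same host: hosts.count becomes 2, one more
-- logs row is written, and no second hosts row is created.
INSERT INTO hosts (hostname, count)
VALUES ('web01.example.net', 1)
ON DUPLICATE KEY UPDATE count = count + 1, id = LAST_INSERT_ID(id);

INSERT INTO logs (host_id, logtime, program, facility, priority, msg)
VALUES (LAST_INSERT_ID(), '2006-05-11 10:50:03', 'sshd', 'auth', 'warning',
        'Failed password for invalid user admin from 10.0.0.9 port 40120 ssh2');

-- The search the original poster asked for: by host, date/time window and text pattern.
SELECT h.hostname, h.count AS lines_from_host, l.logtime, l.program, l.priority, l.msg
FROM logs AS l
JOIN hosts AS h ON h.id = l.host_id
WHERE h.hostname = 'web01.example.net'
  AND l.logtime BETWEEN '2006-05-11 00:00:00' AND '2006-05-11 23:59:59'
  AND l.msg LIKE '%Failed password%'
ORDER BY l.logtime;
```

Two points a practitioner would check before adopting this. First, the hostname and message text come from the remote syslog sender, so in the PHP front end they must be bound as parameters (mysqli prepared statements are available from MySQL 4.1 onward) rather than interpolated into the query string. Second, folding a host into a counted reference row loses nothing, because every event still gets its own logs row with its own timestamp; applying the same count-and-collapse idea to the message text itself would discard the per-occurrence timestamps and ordering, which is exactly what an incident investigation needs, so it is better reserved for dimension-like tokens such as host, program and facility.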