Date: Mon, 20 Feb 2006 16:19:07 +0000
From: Ashley Moran <work@ashleymoran.me.uk>
To: freebsd-questions@freebsd.org
Cc: Nathan Vidican <nvidican@wmptl.com>
Subject: Re: Log analysis server suggestions?
Message-ID: <200602201619.08235.work@ashleymoran.me.uk>
In-Reply-To: <43F4951E.5090203@wmptl.com>
References: <200602161418.32982.ashley.moran@codeweavers.net> <43F4951E.5090203@wmptl.com>

On Thursday 16 February 2006 15:07, Nathan Vidican wrote:
> I would advise against trying to log everything into SQL records, aside
> from the performance hit on translating log/write outputs to SQL
> inserts/queries then having the SQL server write to disk anyway, it just
> complicates things unnecessarily.

You are probably right. I was thinking that it would be easier to search
through in a database, but then, most of the issues we are interested in
(e.g. disk failure) we want to know about *now*, rather than the sort of
thing that is revealed by historical analysis.

> My advice would be to take a step back and look at what's important to you.
> I find it's best to
> work with a mixture of things and hack your own scripts to fill in the
> gaps.

Having looked at some logs, most of the stuff we are interested in probably
is specific to our setup. Log formats are so loose I doubt any off-the-shelf
log analysis tool would be much good unless it was 10x more complex than most
of the software we want to log anyway.

It's surprised me how much time and effort it takes to turn logs into useful
data. And I wonder how Windows admins get by at all?

Thanks for the advice
Ashley