APM: Musings: Current state of log capture and analysis...

jameschoate at austin.rr.com jameschoate at austin.rr.com
Thu Jul 1 08:47:03 PDT 2010


I'm looking into a solution to collecting logs on at least a hundred or so servers, and possibly somewhere in the neighborhood of 5 million endpoints (and that could grow 2-3x).

I've been googling around and found:

Snare - mix of proprietary and open source solution, is based around a central collection service/server which is very appealing
AWStats - this one is more for single server analysis and just doesn't feel right
MindTreeInsight - Java and open source, will likely look a little deeper into this one
LASSO - Open Source and seems to be Windows only
syslog-ng - this has been around forever and is script based, doesn't scale the way I'd like
Analog - this one I'm not familiar with, currently researching
Webalizer - is more focused on single server analysis and may have scaling issues, currently researching
Yaala - not familiar with this one at all, still researching

Any that you know of that I missed? If you have a favorite, can you share in 3-5 sentences why? Scaling is important.

I was also looking at a JSON-based log analysis tool but didn't find any. This tech looks like a good way to approach this problem. Scaling might be an issue.

--
 -- -- -- --
Venimus, Vidimus, Dolavimus

jameschoate at austin.rr.com
james.choate at g.austincc.edu
james.choate at twcable.com
h: 512-657-1279
w: 512-845-8989
http://hackerspaces.org/wiki/Confusion_Research_Center

Adapt, Adopt, Improvise
 -- -- -- --
