On 06/04/2014 03:10 AM, Damian Ivanov wrote:
> Daniel, there has been more than a decade around a whole class of tools (which not knowingly you already have used) called sysloggers which log your logs.
Over a decade ago one of my major clients used central syslog logging. All the (many hundreds) of machines on the network sent their logs to a single dedicated machine. This machine used a 3rd party logger. It DID NOT use text files. The syslog 'listener' entered the entries it received into a SQL database. There was no human readable text. The indexing of the database did all the hard work :-)

All alarms, analysis, reports were made from that SQL database. In the multi-machine environment it was the only way to deal with all the info. The Syslog was handled by the InfoSec department, not by operations. Part of the reason for the database was to be able to trace activity that spanned machines, routers, firewalls. There is simply no way that a human could analyse that much data, so a human readable text file was irrelevant.

Yes, the text files make sense for single machines that are maintained by people such as the main _contributors_ to this list, people who have a great deal of technical know-how and live close to their machines. But in many commercial/industrial settings there is a great need for automation, and tools like 'swatch'
https://www.usenix.org/legacy/publications/library/proceedings/sec92/full_pa...
don't scale up well.

It's also worth noting that the separate logs for each facility (e.g. mail.error) are a human oriented approach. Automation tools, even 'swatch' and variants, never mind the major commercial tools, need a single repository.

http://www.pearsonitcertification.com/articles/article.aspx?p=26253&seqNum=5
http://alumni.cs.ucr.edu/~miguelr/unixlogs.pdf

--
"Being professional is doing all the things you love to do on days when you don't feel like doing them". -- Julius Erving.
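
The following is an added example, not part of the message above and not the logger that client used: a minimal sketch of the design it describes, where syslog lines from several devices go into one indexed SQL store and a query traces one address across all of them. The schema, function names and sample lines are assumptions made for illustration, with SQLite standing in for the database.

```python
import re
import sqlite3

# Constructed sample input (hosts and addresses are invented for illustration).
SAMPLE = [
    "<38>Jun  4 03:01:10 fw1 kernel: ACCEPT src=198.51.100.7 dst=10.0.0.5 dpt=22",
    "<134>Jun  4 03:01:11 rtr1 flow: src=198.51.100.7 dst=10.0.0.5 bytes=4096",
    "<86>Jun  4 03:01:12 web5 sshd[2211]: Failed password for root from 198.51.100.7",
    "<86>Jun  4 03:01:15 web5 sshd[2211]: Accepted password for root from 198.51.100.7",
    "<22>Jun  4 03:02:00 mail1 postfix/smtpd[901]: connect from 203.0.113.9",
    "not a syslog line",
]
# <PRI>timestamp host tag[pid]: message  (BSD syslog layout)
LINE = re.compile(r"<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^:\[]+)(?:\[\d+\])?: (.*)")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def load(lines):
    """Parse each line into rows; return (db, count of rejected lines)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE logs (id INTEGER PRIMARY KEY, ts TEXT, host TEXT,
                           facility INTEGER, severity INTEGER, tag TEXT, msg TEXT);
        CREATE TABLE log_ips (log_id INTEGER REFERENCES logs(id), ip TEXT);
        CREATE INDEX idx_log_ips_ip ON log_ips(ip);
    """)
    rejected = 0
    for line in lines:
        m = LINE.fullmatch(line)
        if not m:
            rejected += 1  # count malformed input instead of storing it half-parsed
            continue
        pri, ts, host, tag, msg = m.groups()
        cur = db.execute(  # PRI = facility * 8 + severity
            "INSERT INTO logs (ts, host, facility, severity, tag, msg) VALUES (?,?,?,?,?,?)",
            (ts, host, int(pri) >> 3, int(pri) & 7, tag, msg))
        db.executemany("INSERT INTO log_ips VALUES (?, ?)",
                       [(cur.lastrowid, ip) for ip in set(IPV4.findall(msg))])
    return db, rejected

def trace(db, ip):
    """Every event mentioning ip, from any device, in arrival order."""
    return db.execute("""SELECT l.ts, l.host, l.tag, l.msg FROM logs l JOIN log_ips i
                         ON i.log_id = l.id WHERE i.ip = ? ORDER BY l.id""", (ip,)).fetchall()

def seen_on_multiple_hosts(db):
    """Addresses logged by more than one device, with the device count."""
    return db.execute("""SELECT i.ip, COUNT(DISTINCT l.host) FROM log_ips i
                         JOIN logs l ON l.id = i.log_id GROUP BY i.ip
                         HAVING COUNT(DISTINCT l.host) > 1 ORDER BY i.ip""").fetchall()
```

Calling `trace(db, "198.51.100.7")` on the sample returns the firewall, router and server entries as one sequence, which is the cross-device view that per-facility text files on each machine do not give.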