I am curious as to what others find to be the most useful log analysis tools for *nix. Presently I am simply tailing output and grepping through things; however, I'd like to use something that would be more full-featured. In this case I'm watching Unicorn web server logs along with application output from staging and production servers that are collected on the local rsyslog server into separate files.

I have pored through the various log matches in the repos and the list is obviously quite lengthy and extensive; therefore, I'm hoping that you might share the gems that you've worked with or are aware of that merit special attention.

ylluminate
  • Maybe it's a better idea to use some service-specific log analysis tool (for example, only for http, mail, squid...) than some all-round solution. – Boban P. Nov 21 '11 at 07:59
  • Why did this get closed as non-constructive? This can lead to some very interesting answers, I am sure. Sure, the question could be more precise, but if it's a generic tool he is looking for then it makes sense as is. – Antoine Benkemoun Nov 21 '11 at 08:57
  • Agreed, this is an excellent question for this forum. I find a lot of participants in these stack communities to be very negative. How can you be more specific when you need general input that helps to create a funnel to more specificity? – ylluminate Nov 21 '11 at 17:36
  • @BobanP. I had in mind perhaps something similar to Mac OS X's Console app that has some general usage capacity, but also has the ability to look for times and perhaps can colorize based on regex or offers other functions as well. – ylluminate Nov 21 '11 at 17:38

1 Answer

From what I hear, Splunk is considered the state of the art in log analysis software.

The free edition will process up to 500MB of log data per day.

The paid version is expensive!

Alnitak
  • Right @Alnitak, and that's why I'm not really jumping into it. :) You note the 500MB limit, which I've also seen, but I've seen discussion both ways regarding whether it's 500 a day or 500 total. – ylluminate Nov 21 '11 at 17:39