2003-10-15T07:10:02 Tina Bird:
> loganalysis list, i got this question ages ago and figured you might all
> be interested in the discussion.

Definitely interesting!

> > * Has the state of open source syslog parsing progressed beyond swatch
> > & logdaemon?
[...]
> swatch is by far the most common choice i see for alerting, although i
> have the impression that people who advance beyond the "what's a log"
> stage are far happier with logsurfer, since it allows far more
> sophisticated responses, and includes the ability to modify its monitoring
> behavior based on context.

Besides those, another I keep hearing about, and have in mind to look at
really closely next time I need such a component, is SEC, the Simple Event
Correlator.

Another thing worth looking at closely is syslog-ng's filtering and message
routing capabilities; while not as powerful as something like SEC, it has
the _big_ advantage of being synchronous, not requiring a separate log
tailer; it's my favourite place to focus for filtering messages down to
avoid performance problems.

> blame microsoft, again.

Again? Always! :-)

-Bennett