> BTW, does log analysis have to be only on syslogs? How about
> output from
> applications (Oracle database log, binary logs, ...)?

I strongly think: NO! But I think it is sufficient to initially look at syslog, only. Even with current technology, you can "convert"/relay/transport (whichever term you like) many other logs (text files, serial devices, database content, to some extent binary data) to syslog data. However, focussing on syslog gives you at least some common properties, like that you deal with a stream of non-binary characters, which simplifies some parts of the analysis.

I think *if* we tackle syslog analysis sufficiently well (and we are far from that), we can also tackle other log sources by simply applying the right pre-processor.

At least this is my current state of thinking...

Rainer

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Mon Mar 15 2004 - 09:59:38 PST