Rainer,

OK, your response makes more sense. While I see the need to try and limit the scope of the effort, I'm in a non-UNIX environment. Finding solutions that output to syslog presents one of those additional integration steps that are nice to avoid.

Adam

The human race has made it this far thanks to adaptability.

-----Original Message-----
From: Rainer Gerhards [mailto:rgerhards@private]
Sent: Monday, March 15, 2004 11:44 AM
To: Safier, Adam *; loganalysis@private
Subject: RE: [logs] Log Samples Requested

Adam,

thanks for your comment - I think my wording was misleading. This is what I said:

> > BTW, does log analysis have to be only on syslogs? How about
> > output from
> > applications (Oracle database log, binary logs, ...)?
> > I strongly think: NO!

Actually, that was supposed to be:

> > BTW, does log analysis have to be only on syslogs?
> > I strongly think: NO!

That means I agree with you that syslog is basically text based logs. However, this, in turn, is already an abstraction, for example it leaves out the binary logs mentioned in the comment above.

There are three primary reasons why I focus on syslog first:

#1 if you do syslog right, you probably have managed to take care of the rest of the text based logs PLUS all logs that can be converted to text/syslog (which means all)

#2 there is a lively community taking care of syslog log analysis, so it is a bit easier to get comments (at least I hope) than if I'd tackle all types of log in the first place

#3 limiting the data on syslog relieves you of ways to gather logs centrally and such, so you can rule out that part of the picture. I think this is a particularly important reason to focus on syslog first.

I hope this clarifies.

Rainer

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis