RE: [logs] Products for log correlation

• Previous message: Wynn S. Fenwick: "Re: [logs] Looking for Directory service information"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I found Anthony Butler's post looking for log correlation software, and I was wondering if log4j's Chainsaw V2 log analysis UI would meet his needs.

Chainsaw is an Apache product (developed by the log4j team) and is extensible (you can develop 'receivers' which will load events into Chainsaw from custom sources).

It is not yet an 'enterprise quality' product (currently an alpha release), but I encourage everyone to take a look and examing it's filtering and correlation capabilities.  

A screen shot and webstart download are available here (webstart requires a Java VM): http://logging.apache.org/log4j/docs/chainsaw.html

There is a tutorial available from the 'welcome' tab which provides more information.

Chainsaw can receive events from text files, databases, sockets, XML files (conforming to log4j's dtd), and a number of log4j-like frameworks (.net, c++, perl, php, and others).  I've used it to process events from syslog, custom formatted text files, custom database log entries and our java-based client and server applications.  It may be able to process web logs, I haven't tried.

As events are received in the application, each receiver component generally routes events to a unique tab, and one could define a 'view' combining events from the separate tabs into a single tab, allowing time-based correlation, etc.

Chainsaw also supports sorting, filtering and colorizing.  The colorizing and filtering mechanisms rely on a simple expression language syntax (including support for regular expressions, precedence and a number of operators).

It may require some fine-tuning and customization, but it could work (you could also write your own 'receivers' to load events from unsupported datasources).  It's definitely a DIY (do-it-yourself) tool.

If you have further questions, feel free to email me.

Scott Deboy
sdeboy@private


_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: SAWYER Charlotte M: "[logs] wtmp, lastlog, etc files"
• Previous message: Wynn S. Fenwick: "Re: [logs] Looking for Directory service information"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jun 05 2004 - 18:38:53 PDT