I'm searching for a Linux log parser application. I have already found some options, but the best one looks to be logzilla.
Requirements:
Web interface for viewing
Filtering in web
Notifications in web or email
Open source
Support linux system logs, custom logs and apache logs.
I will be happy if you share your experience with centralized analysis of multiple Linux system log files.
My experience is that zabbix is more flexible than logzilla... and neither is really what I would call 'great' for analysis.
Remember, collecting, aggregating and filtering "events" is not really "analysis"; and neither is simple "event triggering" based on simple pattern matching rules.
When I look at logzilla (as in zabbix), I don't see any analysis capabilities; only aggregation, filtering, and simple rule-based pattern matching. This is really not "analysis" in my view.
For example, "analysis" would be a software process that can detect, from Apache2 log files, when an IP address is a "bot" (web spider) without looking at the user agent (UA). This is not easy in the general case and requires some pretty sophisticated analysis over time.
Yeah, I'm using zabbix too. But I can't get it to work well with log files. I only use it for specific processes, events, etc. I wrote bash scripts and then use the zabbix trapper. Zabbix is good for system monitoring, but not for log files, I think.
Still searching for log parsing from Linux Apache to MSSQL. I tried syslog-ng, but it logs one Apache line per column. Is there an open source tool for logging each Apache log value to a new column?
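As an added example (not code from this thread or from any of the tools named in it), the following Python splits Apache combined-format lines into one value per column, as asked for above, and then scores each host from its behaviour over time without ever reading the User-Agent column, which is the kind of "analysis" the reply above describes. The log lines, thresholds and IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')

def parse_line(line):
    """One combined-format line -> dict with one key per column (None if malformed)."""
    m = COMBINED.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["time"] = datetime.strptime(row["time"], "%d/%b/%Y:%H:%M:%S %z")
    row["status"], row["bytes"] = int(row["status"]), int(row["bytes"].replace("-", "0"))
    parts = row["request"].split(" ")  # "GET /path HTTP/1.1" -> method, path, protocol
    row["method"], row["path"] = (parts[0], parts[1]) if len(parts) >= 2 else ("", row["request"])
    return row

def crawler_scores(rows):
    """{host: (score 0-4, features)} from behaviour over time; the UA column is never read."""
    by_host = defaultdict(list)
    for r in rows:
        by_host[r["host"]].append(r)
    result = {}
    for host, hits in by_host.items():
        hits.sort(key=lambda r: r["time"])
        gaps = [(b["time"] - a["time"]).total_seconds() for a, b in zip(hits, hits[1:])]
        f = {"robots_txt": any(r["path"] == "/robots.txt" for r in hits),            # reads crawl policy
             "no_referer_ratio": sum(r["referer"] == "-" for r in hits) / len(hits),  # never arrives via a link
             "unique_path_ratio": len({r["path"] for r in hits}) / len(hits),         # never revisits or loads assets
             "gap_stdev": pstdev(gaps) if len(gaps) >= 3 else None}                   # metronomic timing (needs samples)
        score = sum([f["robots_txt"], f["no_referer_ratio"] >= 0.9, f["unique_path_ratio"] >= 0.9,
                     f["gap_stdev"] is not None and f["gap_stdev"] < 1.0])
        result[host] = (score, f)
    return result

# Constructed sample (not from a real server); the crawler deliberately sends a browser-like UA.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /robots.txt HTTP/1.1" 200 120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:46 +0000] "GET /a HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:56 +0000] "GET /b HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:56:06 +0000] "GET /c HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:57:01 +0000] "GET /a HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:57:02 +0000] "GET /style.css HTTP/1.1" 200 900 "http://example.com/a" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:57:43 +0000] "GET /a HTTP/1.1" 200 5120 "http://example.com/a" "Mozilla/5.0"
"""
```

Each dict from `parse_line` maps directly onto a database row with one column per field, and `crawler_scores` can be run over a day's worth of rows to flag hosts worth a closer look.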