Hello there,
I am associated with one of the projects in a non-profit organization. We are currently in need of an open source syslog (rsyslog to be precise) analyzer which can do saved searches among other features.
One can have private or public saved searches. Private saved searches can only be accessed by a particular user of the log analyzer, while public ones are accessible to the world.
It's going to be used on the rsyslog server nodes which accumulate all kinds of syslogs from other highly loaded servers.
I have currently tested Adiscon LogAnalyzer 3.4.4 with a MySQL backend, but it does not do well under load. One co-worker told me that they used it in another place and after 3-4 months they had to ditch it as it was slow as hell. Plus, it does not do any saved searches (but that's fine, we can manage with some PHP hacks).
How about logstash? Does anyone have any experience with this, or any better open source solution?
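The private/public saved-search model described in the post, as an added example that is not code from the original post, from Adiscon LogAnalyzer or from logstash. It uses an in-memory SQLite table as a stand-in for the MySQL backend, constructed sample searches, and hypothetical function and column names (saved_search, is_public, load_search, set_public). The point it shows is that the owner/public check belongs in the same query as the lookup, so a user guessing IDs cannot tell a private search from a non-existent one, and only the owner can flip a search to public.

```python
import sqlite3


def open_store():
    """Create an in-memory store with a hypothetical saved_search table.

    SQLite stands in for the MySQL backend; the rows are constructed sample data.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE saved_search (
               id        INTEGER PRIMARY KEY,
               owner     TEXT    NOT NULL,
               name      TEXT    NOT NULL,
               query     TEXT    NOT NULL,
               is_public INTEGER NOT NULL CHECK (is_public IN (0, 1)))"""
    )
    rows = [  # constructed sample searches: (owner, name, query, is_public)
        ("alice", "ssh failures", "program:sshd AND msg:'Failed password'", 0),
        ("alice", "sudo usage", "program:sudo", 1),
        ("bob", "kernel oops", "facility:kern AND severity<=3", 0),
        ("bob", "cron errors", "program:cron AND severity<=3", 1),
    ]
    conn.executemany(
        "INSERT INTO saved_search (owner, name, query, is_public) VALUES (?, ?, ?, ?)",
        rows,
    )
    conn.commit()
    return conn


def visible_searches(conn, user):
    """Searches the caller may list: their own plus every public one.

    user=None is an anonymous viewer; `owner = NULL` is never true in SQL,
    so anonymous callers only ever see public rows.
    """
    cur = conn.execute(
        "SELECT id, owner, name FROM saved_search "
        "WHERE is_public = 1 OR owner = ? ORDER BY id",
        (user,),
    )
    return cur.fetchall()


def load_search(conn, user, search_id):
    """Return the query text if the caller may run it, else None.

    The authorisation predicate is part of the lookup itself, so a private
    search belonging to someone else is indistinguishable from a missing ID.
    """
    row = conn.execute(
        "SELECT query FROM saved_search "
        "WHERE id = ? AND (is_public = 1 OR owner = ?)",
        (search_id, user),
    ).fetchone()
    return row[0] if row else None


def set_public(conn, user, search_id, public):
    """Flip a search between private and public; only its owner may do so.

    Returns True if a row was changed, False if the search does not exist
    or is not owned by `user` (the UPDATE simply matches nothing).
    """
    cur = conn.execute(
        "UPDATE saved_search SET is_public = ? WHERE id = ? AND owner = ?",
        (1 if public else 0, search_id, user),
    )
    conn.commit()
    return cur.rowcount == 1


if __name__ == "__main__":
    conn = open_store()
    print("alice sees:", visible_searches(conn, "alice"))
    print("anonymous sees:", visible_searches(conn, None))
    print("bob loading alice's private search:", load_search(conn, "bob", 1))
    print("bob trying to publish it:", set_public(conn, "bob", 1, True))
    print("alice publishing it:", set_public(conn, "alice", 1, True))
    print("bob loading it now:", load_search(conn, "bob", 1))
```

Whatever analyzer ends up in front of the data, the same rule applies: the server-side query that fetches the search must carry the owner/public predicate, rather than fetching by ID and checking ownership in PHP afterwards, otherwise a forgotten check anywhere leaks the private search.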