Need some insights on syslog analyzers

Hello there,

I am associated with one of the projects in a non-profit organization. We are currently in need of an open source syslog (rsyslog to be precise) analyzer which can do saved searches among other features.

One can have private or public saved searches. Private saved searches can only be accessed by a particular user of the log analyzer, while public ones can be accessed by everyone.

It's going to be used on the rsyslog server nodes which accumulate all kinds of syslogs from other highly loaded servers.

I currently tested Adiscon LogAnalyzer 3.4.4 with a MySQL backend, but it does not do well under load. One co-worker told me that they used it in another place and after 3-4 months they had to ditch it as it was slow as hell. Plus, it does not do any saved searches (but that's fine, we can manage to do some PHP hacks).

How about logstash? Does anyone have any experience with this, or any better open source solution?

Check out Splunk.

Regards
Peasant.

But Splunk is not open source, right? We are looking only for open source solutions.

It's not under an open source license.

But it's free to some extent (500 MB per day of indexing).
So if you have up to 500 MB per day from any number of machines, Splunk will be free.

You are not buying Splunk, but how much data will Splunk index per day?

And no, I'm not selling this software or anything :), I just had the chance to implement it where I work, and the folks who are using it are quite satisfied.