[prev in list] [next in list] [prev in thread] [next in thread] 

List:       loganalysis
Subject:    RE: [logs] Products for log correlation
From:       "Scott Deboy" <sdeboy () comotivsystems ! com>
Date:       2004-06-05 20:25:22
Message-ID: 984A7225EFC7FD44B0B66D3A29A14400061846 () pdxcorp1 ! vwsnet ! com
[Download RAW message or body]

I found Anthony Butler's post looking for log correlation software, and I was \
wondering if log4j's Chainsaw V2 log analysis UI would meet his needs.

Chainsaw is an Apache product (developed by the log4j team) and is extensible (you \
can develop 'receivers' which will load events into Chainsaw from custom sources).

It is not yet an 'enterprise quality' product (currently an alpha release), but I \
encourage everyone to take a look and examing it's filtering and correlation \
capabilities.  

A screen shot and webstart download are available here (webstart requires a Java VM): \
http://logging.apache.org/log4j/docs/chainsaw.html

There is a tutorial available from the 'welcome' tab which provides more information.

Chainsaw can receive events from text files, databases, sockets, XML files \
(conforming to log4j's dtd), and a number of log4j-like frameworks (.net, c++, perl, \
php, and others).  I've used it to process events from syslog, custom formatted text \
files, custom database log entries and our java-based client and server applications. \
It may be able to process web logs, I haven't tried.

As events are received in the application, each receiver component generally routes \
events to a unique tab, and one could define a 'view' combining events from the \
separate tabs into a single tab, allowing time-based correlation, etc.

Chainsaw also supports sorting, filtering and colorizing.  The colorizing and \
filtering mechanisms rely on a simple expression language syntax (including support \
for regular expressions, precedence and a number of operators).

It may require some fine-tuning and customization, but it could work (you could also \
write your own 'receivers' to load events from unsupported datasources).  It's \
definitely a DIY (do-it-yourself) tool.

If you have further questions, feel free to email me.

Scott Deboy
sdeboy@apache.org


_______________________________________________
LogAnalysis mailing list
LogAnalysis@lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/loganalysis


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic