Andy Davidson wrote:
On 14 Sep 2007, at 15:59, Felipe Augusto van de Wiel (faw) wrote:Imagining that a lot of people here concentrate their logs in a log server, I was wondering if there are recommendation for a good log analyzer, something like logwatch, or documented procedure to get logs from various hosts checked and reported daily (maybe logcheck?).We aggregate with syslog-ng and analyze with splunk - http://www.splunk.com/Splunk isn't open source, but it's "the mutts".
Sort of related question: Does anybody (when aggregating logs to a dedicated logging host) stop logging to the local disk, or do you still do both local and remote logging?
~Seth