My experience with syslog loggers has so far not been terribly successful. I'm wondering if either it isn't the right solution to my needs or if it's just that I haven't found the right logger yet.
Here are some of my observations and what I would like to see / do:

- Syslog files get way too big too fast. Text editors are too cumbersome to use with the large files. Configuring for a new file each day results in an unwieldy file. Setting size limits per file results in too many files to sift through for a given day. Seems like there should be a better way to store and examine this information.
- Kiwi was suggested on the list some time back. Its line scrolling routines must be atrocious as it can't keep up with the incoming data. If this condition is left to continue, it becomes difficult to regain control of the Kiwi process to stop the display. Real time displaying of data seems to be a common problem for loggers.
- I'd like to be able to set up criteria for logging where specified addresses or port numbers are flagged or saved to a separate file.
- Automatic disk space management so I wouldn't have to delete files or face running the logging system out of space.
- Real time display of statistics rather than raw data.

I'm sure I have a few more "needs", but this should do for a start. Any comments?

TIA,
Mike Benedict
