On 10/31/2014 06:30 PM, Rich Freeman wrote: > On Fri, Oct 31, 2014 at 6:09 PM, Tom H <tomh0...@gmail.com> wrote: >> The systemd line was always that if you wanted to ship your logs off >> to another box, use rsyslog. So I've never understood the embedding of >> an httpd in systemd. I guess that the httpd server's useful if if you >> want a basic send-the-logs-to-another-box-as-is, but that, if you want >> to filter or manipulate the journald output, you have to use rsyslog >> or syslog-ng. >> > If you're going to implement a log manager there is no reason to not > let it export logs to a central manager. > > As far as filtering/manipulating logs goes, you can do plenty of that > with journalctl already, and it supports dumping your logs in json so > you can do anything you want with them in another tool. There aren't > really any such tools around yet, but I'm sure we'll see them come up.
You guys should check out the ELK stack: http://www.elasticsearch.org/overview/ Basically, transform logs to JSON with logstash, throw the JSON into elastic search, and make plots with Kibana. We use it at work; it's absolutely fantastic. You can save Kibana dashboards and have them auto-update every 5 or 10 seconds (plenty of other granularities as well), and have a "real-time" view of, let's say, job errors or running jobs or utilization. Alec