On 15/03/2007, at 2:44 PM, David Smiley wrote:


Greetings. I've been a user of log4j for quite some time and only recently have been exposed to Chainsaw. At work (MITRE, http://www.mitre.org) I've been tasked to come up with a log viewer (for in-house use) that has a set of features that are relatively close to what Chainsaw has. Instead of re-inventing the wheel, I'm going to enhance Chainsaw. I don't think any of the enhancements would require any drastic refactoring... but I have not fully absorbed the source yet. Assuming MITRE approves release of my work to open-source (which I think they will; but I have to get through some red tape first), it would be awesome if the community would accept any of my contributions. The enhancements I am about to get started on are roughly as follows:


I personally would love to see community-inspired enhancements. I hope MITRE will say yes.


4. Allow a log viewer to act as a receiver for another log viewer. And, allow a log viewer to receive multiple receivers. Presently, I have no idea how much flexibility Chainsaw has in this regard. It appears that there's one viewer per receiver right now. The result of what I want here is the ability to filter and merge multiple log event streams.


There is a handler that 'routes' each logging event to a view, based on some configuration. So multiple receivers could still be routed to one view. Right now the configuration on how that route happens is probably not flexible enough. But should be straightforward.

5. The ability to filter based on the correlation of multiple log events by user criteria. Presently, events can only be filtered or highlighted on an event-by-event basis. An example is saying that I want to see all log events that are within 5 seconds of another log event that has some particular field in common. I pulled that out of my ass but I hope I am getting the point across.

Context logging is important. I started experimenting with using Apache Lucene to do further context analysis but got stuck. Indexing a huge log file is not a snappy operation and it seemed impractical. Mind you that was over 1 year ago, I know Lucene 2.0 is probably quicker and may be worth investigating again.


I know that Chainsaw seems to be highly oriented around live monitoring as events come in from remote machines. In my case, I am only concerned with analyzing pre-existing log-files.

In the process, I am likely to clean up many of the source files I get my hands on; I'm a stickler for code quality.


Go for it, I'll support you by reviewing and applying patches etc. Right now I'm managing the signing and deployment of the web-start version too.

I wish I had more time to get my hands dirty with you!

Paul Smith
