>Folks,
>
>My team is investigating Log4j's ability to direct many servers' logging
>data to a single/central server for presentation and analysis. Been
>looking at Socket and JMSAppenders, etc.
>
>What products exist in OSS land or commercial which are fully featured,
>centralized log4J listeners? Essentially we seek...
>
>- ability to direct many "client" loggers to central location
>- central server collates the logging streams via time stamp, etc.
>- some level of sophisticated GUI to assist interpretation, filtering of
>the logging data.
>- BONUS: allow centralized configuration of the distributed logging
>clients.
>- etc.
>
>Is ChainSaw what we should be looking at? Others?

Chainsaw can definitely do these things, but you need to have the GUI
running to capture the data. There's no reason you can't build an
extremely simple application that wraps up a set of configured
Receivers and appenders to centralise all logging events to one host.
This is also why I started the Pinpoint project:
http://svn.apache.org/repos/asf/labs/pinpoint/
It's designed to be a central logging repository for logging analysis.
It's not even close to production ready, but steadily working towards
it. The goal I have to use this in our production systems is to have
a centralised logging server that all hosts send their events to (via
socket or jms). Pinpoint indexes these events and provides a rolling
set of daily context zones to perform searches on.
I'm leveraging the richness of Lucene's indexing and searching
infrastructure and hope to provide an extremely powerful log
correlation tool that utilises log4j's inbuilt context mechanisms (by
Thread, by MDC/NDC values etc). Currently there's only a Command-line
tool and a basic Service module but a web-based interface is on
the way.
This is inspired by the commercial Splunk application (which I
haven't tried personally, just read about what they're trying to
achieve). I'm hoping to provide a much better and free alternative! :)

cheers,
Paul Smith