The key thing for reports like this is whether you know ahead of time that the report is going to be needed or not.

If not, you are going to need to search through all of your logs to get the answer. If you have a lot of logs, you will need Elasticsearch, Splunk, or some similar system that lets you have lots of computers searching at the same time, so that you can get the answer in a reasonable amount of time.

If you do know that you will need to produce the report, you can set things up to produce it much more efficiently.

I wrote an article on this topic that's available from Usenix at https://www.usenix.org/publications/login/feb14/logging-reports-dashboards (it's behind a paywall for the first year; let me know if that's an issue).

David Lang
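
The following is an added example, not code from the original message or from the rsyslog project. It shows the two approaches David describes, applied to Carlos's first report (top enterprises by weekend web traffic) over Squid access.log lines: a roll-up that does a constant amount of work per incoming line so the report is ready the moment it is asked for, beside an ad-hoc pass that re-reads every stored line at report time. The log lines, the client-address-to-enterprise table and the helper names are constructed for the example; in a real deployment the enterprise mapping would come from RADIUS accounting or an asset database.

```python
"""Pre-aggregated vs. ad-hoc "top N enterprises by weekend traffic" over Squid logs.

WeekendTrafficRollup: update per-enterprise counters as each line arrives
(report known in advance; report cost is O(#enterprises)).
adhoc_weekend_top():  scan all stored lines when the question is asked
(unplanned report; cost grows with log volume).
Sample log lines and the IP-to-enterprise table are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Hypothetical client address -> enterprise table (not from the original thread).
ENTERPRISE_OF = {"10.1.0.5": "Acme", "10.2.0.7": "Globex", "10.3.0.9": "Initech"}
UNMAPPED = "unmapped"  # bucket for clients with no enterprise mapping


def parse_squid_line(line):
    """Parse a Squid native access.log line into (ts, client, bytes, url).

    Native format: ts elapsed client action/code size method url ident hier/peer type.
    Returns None for lines that do not fit, so one corrupt line cannot abort a report.
    """
    f = line.split()
    if len(f) < 7:
        return None
    try:
        return float(f[0]), f[2], int(f[4]), f[6]
    except ValueError:
        return None


def is_weekend(ts):
    # weekday(): Monday == 0 ... Sunday == 6. Evaluate in UTC so the answer
    # does not depend on the time zone of the host that runs the report.
    return datetime.fromtimestamp(ts, timezone.utc).weekday() >= 5


def top_n(counter, n):
    """Largest byte totals first; ties broken by name so output is deterministic."""
    return sorted(counter.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


class WeekendTrafficRollup:
    """Per-line roll-up: O(1) work per log line, cheap to report at any time."""

    def __init__(self):
        self.bytes_by_enterprise = defaultdict(int)
        self.skipped = 0  # malformed lines, counted so gaps in the data are visible

    def feed(self, line):
        rec = parse_squid_line(line)
        if rec is None:
            self.skipped += 1
            return
        ts, client, size, _url = rec
        if is_weekend(ts):
            self.bytes_by_enterprise[ENTERPRISE_OF.get(client, UNMAPPED)] += size

    def report(self, n=10):
        return top_n(self.bytes_by_enterprise, n)


def adhoc_weekend_top(lines, n=10):
    """Same answer, computed by re-reading every stored line at report time."""
    totals = defaultdict(int)
    for line in lines:
        rec = parse_squid_line(line)
        if rec is None:
            continue
        ts, client, size, _url = rec
        if is_weekend(ts):
            totals[ENTERPRISE_OF.get(client, UNMAPPED)] += size
    return top_n(totals, n)


def _ts(y, m, d, h):
    return datetime(y, m, d, h, tzinfo=timezone.utc).timestamp()


def _squid(ts, client, size, url):
    # Constructed Squid native-format line; elapsed, ident, peer and type are filler.
    return f"{ts:.3f}    120 {client} TCP_MISS/200 {size} GET {url} - HIER_DIRECT/192.0.2.10 text/html"


# Constructed sample: Fri 3 Oct 2014 and Mon 6 Oct are workdays, Sat 4 / Sun 5 the weekend.
SAMPLE_LOG = [
    _squid(_ts(2014, 10, 3, 15), "10.1.0.5", 10000, "http://example.com/fri"),
    _squid(_ts(2014, 10, 4, 10), "10.1.0.5", 4000, "http://example.com/sat"),
    _squid(_ts(2014, 10, 4, 11), "10.2.0.7", 9000, "http://example.net/a"),
    _squid(_ts(2014, 10, 4, 23), "10.2.0.7", 9000, "http://example.net/b"),
    _squid(_ts(2014, 10, 5, 9), "10.3.0.9", 7000, "http://example.org/sun"),
    _squid(_ts(2014, 10, 5, 12), "10.9.9.9", 500, "http://example.org/x"),
    _squid(_ts(2014, 10, 6, 8), "10.2.0.7", 50000, "http://example.net/mon"),
    "garbage line that should be skipped",
]


def demo():
    """Feed the sample through both paths; returns (rollup top, ad-hoc top, skipped)."""
    rollup = WeekendTrafficRollup()
    for line in SAMPLE_LOG:
        rollup.feed(line)
    return rollup.report(10), adhoc_weekend_top(SAMPLE_LOG, 10), rollup.skipped


if __name__ == "__main__":
    planned, unplanned, skipped = demo()
    print("pre-aggregated:", planned)
    print("ad-hoc scan:   ", unplanned)
    print("skipped lines: ", skipped)
```

Both paths give the same ranking; the difference is where the work is done. The roll-up is what you would wire into the log pipeline (for example, an rsyslog output feeding a small consumer, or a per-day counter table) when the report is known in advance. The ad-hoc function is what an Elasticsearch or Splunk query does for you across many nodes when it is not, and it is the only option for a question nobody anticipated. Keeping the skipped-line count is deliberate: a report that silently drops malformed lines understates traffic, which is exactly what you do not want when the report is about a problem enterprise.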

On Sat, 4 Oct 2014, Carlos Manuel Trepeu Pupo wrote:

OK, maybe I didn't explain myself as well as I thought. I read about the log
analyzer of Elasticsearch, but I understood that the analysis is for statistics
of incoming logs and more options, but here are a couple of cases that I
need to report:

1- My boss asks me for a report of the top 10 enterprises that have the most
surfing on weekends.
2- My principal specialist asks me for the total outgoing MB of email of
a user or another enterprise.
3- There's a problem with an enterprise, so we need to make a report with
the hours (outside work days), dates, sites and files for that enterprise.

Is it possible to make this kind of analysis with Elasticsearch and export it?

On Fri, Oct 3, 2014 at 10:53 PM, David Lang <[email protected]> wrote:

What are you looking for when you say "analyze logs"?

There is real-time analysis of logs to look for specific entries or
combinations of entries and generate alerts. Simple Event Correlator (SEC)
is a very powerful tool for this sort of work.

There are periodic reports summarizing data.

There is generating trending data (frequently for graphs).

There are unplanned searches of logs (Elasticsearch is great for this).

David Lang
On Fri, 3 Oct 2014, Carlos Manuel Trepeu Pupo wrote:

OK, thanks to both of you for answering almost all my doubts. I have spent
all day reading, and here come new problems.

How can I analyze the logs? I use WebSpy as a log analyzer, but can any of
you guys tell me how I can analyze Postfix, Squid, FreeRADIUS, and others
if they are in a database?

If the databases are in MySQL there is no problem, but when I
have Elasticsearch, what software can I use?

P.S.: I read about Elasticsearch and I love the way they solve problems and
show statistics, but without a log analyzer, I can't do anything.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
