I'm sorry, but I live in Cuba, so I can't pay over the internet. The article sounds interesting!! :(
On Mon, Oct 6, 2014 at 6:22 AM, David Lang <[email protected]> wrote:
> The key thing for reports like this is the question of whether you know ahead
> of time that the report is going to be needed or not.
>
> If not, you are going to need to search through all of your logs to get
> the answer. If you have a lot of logs, you will need to have Elasticsearch,
> Splunk, or some similar system to let you have lots of computers searching
> at the same time so that you can get the answer in a reasonable amount of
> time.
>
> If you do know that you will need to produce the report, you can set
> things up to produce it much more efficiently.
>
> I wrote an article on this topic that's available from Usenix at
> https://www.usenix.org/publications/login/feb14/logging-reports-dashboards
> (it's behind a paywall for the first year, let me know if that's an issue)
>
> David Lang
>
>
> On Sat, 4 Oct 2014, Carlos Manuel Trepeu Pupo wrote:
>
>> Ok, maybe I didn't explain myself as well as I thought. I read about the log
>> analyzer of Elasticsearch, but I understood that the analysis is for statistics
>> of incoming logs and more options, but here are a couple of cases that I
>> need to report:
>>
>> 1- My boss asked me for a report of the top 10 enterprises that have the most
>> surfing on weekends.
>> 2- My principal specialist asked me for the total outgoing MB of email of
>> a user or another enterprise.
>> 3- There's a problem with an enterprise, so we need to make a report with
>> the hours (out of work days), dates, sites and files for that enterprise.
>>
>> Is it possible to make this kind of analysis with Elasticsearch and export
>> it?
>>
>> On Fri, Oct 3, 2014 at 10:53 PM, David Lang <[email protected]> wrote:
>>
>>> What are you looking for when you say "analyze logs"?
>>>
>>> There is real-time analysis of logs to look for specific entries or
>>> combinations of entries and generate alerts. Simple Event Correlator
>>> (sec) is a very powerful tool for this sort of work
>>>
>>> There are periodic reports summarizing data into reports
>>>
>>> There is generating trending data (frequently for graphs)
>>>
>>> There are unplanned searches of logs (Elasticsearch is great for this)
>>>
>>> David Lang
>>>
>>>
>>> On Fri, 3 Oct 2014, Carlos Manuel Trepeu Pupo wrote:
>>>
>>>> OK, thanks to both of you for answering almost all my doubts. I have
>>>> spent all day reading and here come new problems.
>>>>
>>>> How can I analyze the logs? I use WebSpy as a log analyzer, but can any of
>>>> you guys tell me how I can analyze POSTFIX, SQUID, FREE RADIUS, and
>>>> others if they are in a database?
>>>>
>>>> In case the databases are in MySQL there is no problem, but when I
>>>> have Elasticsearch, what software can I use?
>>>>
>>>> P.S.: I read about Elasticsearch and I love the way they solve problems
>>>> and show statistics, but without a log analyzer, I can't do anything.
>>>> _______________________________________________
>>>> rsyslog mailing list
>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>>> http://www.rsyslog.com/professional-services/
>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>>>> DON'T LIKE THAT.
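The distinction David draws above (a report you know you will need can be aggregated while the logs are ingested, while an unplanned question means re-reading everything) can be shown on Squid access-log lines, which are one of the sources asked about in the thread. The following is an added example and is not code from the thread, from rsyslog, Squid or Elasticsearch. It assumes Squid's native access.log field order, a constructed client-subnet-to-enterprise mapping, a constructed working-hours policy (08:00 to 17:59 UTC, Monday to Friday) and a handful of constructed log lines; it computes case 1 from the thread (top enterprises by weekend traffic) with running counters, and case 3 (one enterprise's out-of-hours requests) with an after-the-fact scan, and it skips malformed lines instead of aborting the report.

```python
"""Added example: planned vs. ad hoc reports over Squid access-log lines."""
from collections import defaultdict
from datetime import datetime, timezone
import ipaddress

# Constructed mapping from client subnet to enterprise (assumption; a real
# deployment would take this from RADIUS accounting or an inventory system).
ENTERPRISES = {
    ipaddress.ip_network("10.0.1.0/24"): "acme",
    ipaddress.ip_network("10.0.2.0/24"): "globex",
    ipaddress.ip_network("10.0.3.0/24"): "initech",
}

WORK_HOURS = range(8, 18)  # constructed policy: 08:00-17:59 UTC, Mon-Fri


def enterprise_for(client_ip):
    ip = ipaddress.ip_address(client_ip)
    for net, name in ENTERPRISES.items():
        if ip in net:
            return name
    return "unknown"


def parse_squid_line(line):
    """Parse one line in Squid's native access.log format:
    timestamp elapsed client code/status bytes method url rfc931 hierarchy type
    Returns None for lines that do not fit, so bad input is skipped, not fatal."""
    parts = line.split()
    if len(parts) < 10:
        return None
    try:
        ts = datetime.fromtimestamp(float(parts[0]), tz=timezone.utc)
        size = int(parts[4])
    except ValueError:
        return None
    return {"time": ts, "client": parts[2], "status": parts[3],
            "bytes": size, "url": parts[6], "enterprise": enterprise_for(parts[2])}


def is_weekend(ts):
    return ts.weekday() >= 5  # Saturday = 5, Sunday = 6


def is_out_of_hours(ts):
    return is_weekend(ts) or ts.hour not in WORK_HOURS


class WeekendTrafficReport:
    """Planned report: counters are updated as each line arrives, so the
    answer is ready without re-reading the logs later."""

    def __init__(self):
        self.bytes_by_enterprise = defaultdict(int)

    def ingest(self, line):
        rec = parse_squid_line(line)
        if rec is None or not is_weekend(rec["time"]):
            return
        self.bytes_by_enterprise[rec["enterprise"]] += rec["bytes"]

    def top(self, n=10):
        ranked = sorted(self.bytes_by_enterprise.items(), key=lambda kv: (-kv[1], kv[0]))
        return ranked[:n]


def out_of_hours_activity(lines, enterprise):
    """Ad hoc report: scan every line for one enterprise's out-of-hours
    requests and return (date, hour, url) tuples."""
    hits = []
    for line in lines:
        rec = parse_squid_line(line)
        if rec is None or rec["enterprise"] != enterprise:
            continue
        if is_out_of_hours(rec["time"]):
            hits.append((rec["time"].strftime("%Y-%m-%d"), rec["time"].hour, rec["url"]))
    return hits


# Constructed sample lines, not real traffic. 1412330400 = Fri 2014-10-03 10:00 UTC,
# 1412375400 = Fri 22:30 UTC, 1412380800 = Sat 2014-10-04 00:00 UTC (then +1h each).
SAMPLE_LOG = [
    "1412330400.101 120 10.0.1.15 TCP_MISS/200 4096 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "1412375400.202 340 10.0.1.15 TCP_MISS/200 8192 GET http://example.com/report.pdf - HIER_DIRECT/93.184.216.34 application/pdf",
    "1412380800.303 50 10.0.2.20 TCP_HIT/200 1024 GET http://example.com/logo.png - HIER_NONE/- image/png",
    "1412384400.404 70 10.0.2.20 TCP_MISS/200 3000 GET http://example.com/video.mp4 - HIER_DIRECT/93.184.216.34 video/mp4",
    "1412388000.505 60 10.0.3.30 TCP_MISS/200 5000 GET http://example.com/a.zip - HIER_DIRECT/93.184.216.34 application/zip",
    "1412391600.606 60 10.0.1.15 TCP_MISS/200 500 GET http://example.com/b.html - HIER_DIRECT/93.184.216.34 text/html",
    "this line is malformed and must be skipped",
]


def weekend_top(lines, n=10):
    report = WeekendTrafficReport()
    for line in lines:
        report.ingest(line)
    return report.top(n)


if __name__ == "__main__":
    for name, total in weekend_top(SAMPLE_LOG):
        print(f"{name:10s} {total / 1024:.1f} KB on weekends")
    for date, hour, url in out_of_hours_activity(SAMPLE_LOG, "acme"):
        print(date, f"{hour:02d}:00", url)
```

The planned report only ever holds one counter per enterprise, so it costs the same whether the day produced a thousand lines or a billion; the ad hoc scan has to touch every line again, which is the case where a distributed search system such as the ones named above starts to pay for itself. Timestamps are interpreted in UTC so that the weekend and working-hours checks do not depend on the host's timezone.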

