What's a good log viewer for e.g. apache, postfix, syslog?

Question

Various processes log in various formats to various locations with various roll-over logic in /var/log.

I'd like a log-viewer that can handle a decent quantity of data, join roll-over log files, and ideally could even interleave log records to get a timeline of what happened on the machine.

For example, I saw a CPU usage spike at a certain time this morning and I'd like to see if there's anything in any of the logs that explains it.

P.S. Yes I realize there's configuration issues like Apache logs can be "anything" so you'd need to tell the log viewer how to parse, and yes I understand that interleaving is hard between products because few columns (except possible "date" and "general message") would necessarily line up.

see also [Alternates to Splunk](https://serverfault.com/q/62687/2321) — warren, Apr 13 '17 at 13:57
Possible duplicate of [Alternatives to Splunk?](https://serverfault.com/questions/62687/alternatives-to-splunk) — Jenny D, Apr 14 '17 at 10:20

score 1 · Answer 1 · answered Jul 09 '09 at 14:43

1

If you've got less than 500MB/day and are only monitoring a single server -- or don't mind paying, you're probably looking for Splunk.

answered Jul 09 '09 at 14:43

Matt

933
5
12

thanks that looks interesting. I was hoping for free tool I could install but of course this is a good answer too. – Jason Cohen Jul 09 '09 at 14:49

score 1 · Answer 2 · edited Apr 13 '17 at 12:14

1

Check out this question (Is anybody using Splunk in a large-scale production environment? ) for other people's experiences with splunk and its competitors.

edited Apr 13 '17 at 12:14

Community

1

answered Jul 09 '09 at 15:02

thepocketwade

1,525
5
16
27

score 1 · Answer 3 · answered Jul 09 '09 at 18:40

1

Real men use grep and print their logs. Makes good bedtime reading material. ;-)

answered Jul 09 '09 at 18:40

KPWINC

11,274
3
36
44

heheh...so that makes me a real men :) something that filters out unneeded stuff, even if it's based on grep, would make my life easier – Jure1873 Dec 03 '09 at 20:30

score 1 · Answer 4 · answered Dec 03 '09 at 19:58

1

I can recommend Lire of the LogReport project. I used to work on that project, but it is Open Source, and allows you to analyze many different log files. There are binary Debian and Ubuntu packages at least, but likely for other platforms too.

answered Dec 03 '09 at 19:58

Egon Willighagen

221
1
2
5

score 0 · Answer 5 · answered Jul 09 '09 at 14:44

0

Splunk might interest you.

Disclaimer: It's commercial and costs money beyond a certain amount of data per day.

But it does provide an interface for everything that you describe above.

answered Jul 09 '09 at 14:44

Dan Carley

25,189
5
52
70

What's a good log viewer for e.g. apache, postfix, syslog?

5 Answers5