On Sat, 2003-09-27 at 01:21, Wil Cooley wrote:
On Fri, 2003-09-26 at 17:17, Konstantin Riabitsev wrote:
> The largest win, in my opinion, is its usefulness in large cluster
> installations, where logwatch simply doesn't "cut it." Other things I
> consider just bonuses.
I'm going to have to look at this, since this is one of the most
bothersome missing features of LogWatch, logcheck, and pflogsumm.
To give you some idea of how much it reduces.
We have 230 systems logging to one loghost. The loghost runs syslog-ng.
nothing special being done with syslog-ng, really. epylog parses logs
once an hour b/t 9am and 9pm and once at 4am.
Our average log report is about 19-30K
it's tidy, it summarizes the info you want to see, and shows you the
aberrations at the end of the report.
We've caught more weirdness b/c it has reduced the crap we don't need to
see.
-sv