On Fri, 2003-09-26 at 17:42, Alexandre Oliva wrote:
> Epylog is a syslog parser which runs periodically, looks at your logs,
> processes some of the entries in order to present them in a more
> comprehensible format, and then mails you the output.
Fedora already has LogWatch, and it would suck to get *two* e-mails a
day for each host :-)
Yes, that would suck. :) Which is why Epylog was written with the idea
that instead of doing that, you log everything to one loghost and when
Epylog runs on that machine, it presents the data about your entire
cluster in one report, instead of a report-per-machine. When you have
over 200 machines, this quickly becomes a priority. :)
How do they compare?
Here are a few things that Epylog can do, which LogWatch can't:
1. By default it generates HTML-formatted reports, so they are better
formatted and are easier to follow (tables, colors, etc). Those who
don't like HTML email can ask for it to be rendered in plaintext, of
course. :) HTML reports can be published to a protected directory and
accessed via the web.
2. Epylog is threaded, meaning that network lookups take a fraction of
the time they do in LogWatch. Makes a lot of difference when your
firewall gets hit by half the world when the next big worm comes.
3. Adding a graphical front-end to Epylog should be relatively easy --
the backend is completely abstracted from front-end. A graphical
interface would allow doing some neat things -- like selecting date
ranges, checking which parsing modules to enable, or which logs to
process -- pretty simple. A pygtk interface would be pretty
straightforward to write, though I don't know if I'll ever get around to
that -- GUIs aren't my strong suit. :)
4. It's written in Python, so maintaining it is much easier. :) </troll>
The largest win, in my opinion, is its usefulness in large cluster
installations, where logwatch simply doesn't "cut it." Other things I
consider just bonuses.
Konstantin Riabitsev <icon(a)linux.duke.edu>
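The loghost model and the threaded lookups described in the message above, as an added example that is not part of this thread and not Epylog's own code: a small Python digest that reads BSD-style syslog lines as a central loghost would write them (the hostname field tells you which machine they came from), counts failed SSH logins and netfilter drops per host, reverse-resolves the source addresses with a thread pool so the lookups overlap, and renders one report for the whole cluster as plain text and as an HTML table. The log lines and the PTR answers are constructed so it runs offline; pass no resolver to use real gethostbyaddr lookups. One check a practitioner wants here: the username in a failed-login line is whatever the remote client sent, so anything that ends up in an HTML report published on the web has to be escaped.

```python
"""Cluster-wide syslog digest in the spirit of Epylog (added example, not
Epylog's code): one pass over a loghost file, one report for every machine."""
import html
import re
import socket
from collections import Counter, defaultdict
from concurrent.futures import ThreadPoolExecutor

# Classic BSD syslog layout as a loghost writes it:
#   "<Mon dd HH:MM:SS> <hostname> <program>[pid]: <message>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
SSH_FAIL_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")
FW_DROP_RE = re.compile(r"SRC=(?P<ip>[\d.]+) DST=")

def parse_line(line):
    """Split one syslog line into its fields, or None if it is not syslog."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None

def summarize(lines):
    """Count SSH login failures and netfilter drops per originating host."""
    ssh = defaultdict(Counter)   # host -> Counter[(user, source ip)]
    fw = defaultdict(Counter)    # host -> Counter[source ip]
    unparsed = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
            continue
        if rec["prog"] == "sshd":
            m = SSH_FAIL_RE.search(rec["msg"])
            if m:
                ssh[rec["host"]][(m["user"], m["ip"])] += 1
        elif rec["prog"] == "kernel":
            m = FW_DROP_RE.search(rec["msg"])
            if m:
                fw[rec["host"]][m["ip"]] += 1
    return ssh, fw, unparsed

def resolve_all(ips, resolver=None, workers=16):
    """Reverse-resolve unique addresses in parallel; each lookup blocks on
    the network, so overlapping them is what keeps a big report fast."""
    if resolver is None:
        def resolver(ip):
            try:
                return socket.gethostbyaddr(ip)[0]
            except OSError:      # NXDOMAIN, timeout, etc.: keep the bare IP
                return ip
    ips = sorted(set(ips))
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(zip(ips, pool.map(resolver, ips)))

def _rows(ssh, fw, names):
    for host in sorted(set(ssh) | set(fw)):
        for (user, ip), n in ssh[host].most_common():
            yield host, "ssh fail", user, f"{names.get(ip, ip)} ({ip})", n
        for ip, n in fw[host].most_common():
            yield host, "fw drop", "", f"{names.get(ip, ip)} ({ip})", n

def render_text(ssh, fw, names):
    return "\n".join("%-6s %-8s %-14s %-32s x%d" % r for r in _rows(ssh, fw, names))

def render_html(ssh, fw, names):
    # The "user" in a failed login is whatever the client sent, so every cell
    # is escaped before it lands in a report that may be published on the web.
    head = "<tr><th>host</th><th>event</th><th>user</th><th>source</th><th>count</th></tr>"
    body = "".join(
        "<tr>" + "".join(f"<td>{html.escape(str(c))}</td>" for c in r) + "</tr>"
        for r in _rows(ssh, fw, names))
    return f"<table>{head}{body}</table>"

def build_report(log_text, resolver=None):
    ssh, fw, unparsed = summarize(log_text.splitlines())
    ips = ({ip for c in ssh.values() for _, ip in c}
           | {ip for c in fw.values() for ip in c})
    names = resolve_all(ips, resolver)
    return {"ssh": ssh, "fw": fw, "unparsed": unparsed,
            "text": render_text(ssh, fw, names),
            "html": render_html(ssh, fw, names)}

# Constructed sample: three hosts forwarding to one loghost, plus one junk line.
SAMPLE_LOG = """\
Sep 26 17:42:01 web1 sshd[1234]: Failed password for root from 10.0.0.5 port 4321 ssh2
Sep 26 17:42:03 web1 sshd[1235]: Failed password for invalid user <b>admin</b> from 10.0.0.5 port 4322 ssh2
Sep 26 17:42:04 web2 sshd[881]: Failed password for root from 10.0.0.5 port 4400 ssh2
Sep 26 17:42:09 fw1 kernel: DROP IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.10 PROTO=TCP DPT=135
Sep 26 17:42:10 fw1 kernel: DROP IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.10 PROTO=TCP DPT=135
Sep 26 17:42:11 fw1 kernel: DROP IN=eth0 OUT= SRC=192.0.2.9 DST=203.0.113.10 PROTO=TCP DPT=135
Sep 26 17:42:12 web2 cron[300]: (root) CMD (run-parts /etc/cron.hourly)
this line is not syslog
"""
# Constructed PTR answers so the example runs offline (real lookups: resolver=None).
FAKE_PTR = {"10.0.0.5": "scanner.example", "192.0.2.77": "worm-host.example"}

if __name__ == "__main__":
    report = build_report(SAMPLE_LOG, resolver=lambda ip: FAKE_PTR.get(ip, ip))
    print(report["text"])
    print(report["html"])
```

Running it prints one table covering web1, web2 and fw1 together; feeding it a day's loghost file instead of SAMPLE_LOG gives the cluster-wide view the message is about, and the pool in resolve_all is where the threading pays off once the firewall section has thousands of distinct sources.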