From kaiwang.chen at gmail.com Tue May 17 09:34:27 2011 From: kaiwang.chen at gmail.com (Kaiwang Chen) Date: Tue, 17 May 2011 15:34:27 +0800 Subject: [phpLogCon] Is loganalyzer capable of generating offline report? Message-ID: Hello, I just evaluated loganalyzer 3.2.1 stable release. http://loganalyzer.adiscon.com/news/loganalyzer-v3-2-1-v3-stable-released Fancy stuff, really. I experienced FortiAnalyzer serveral years ago, which is a commertial product, closed-source and running is own hardware, dedicated to Fortinet's products. It is capable of producting statistics reports and mailing to configured receiver, so that one could just check his mail to notice what's going on. Is loganalyzer shipped with such a feature, or is it in development plan? Thanks, Kaiwang From alorbach at ro1.adiscon.com Tue May 17 11:31:11 2011 From: alorbach at ro1.adiscon.com (Andre Lorbach) Date: Tue, 17 May 2011 11:31:11 +0200 Subject: [phpLogCon] Is loganalyzer capable of generating offline report? In-Reply-To: References: Message-ID: Hi, as promised in my last email here is a faq article describing how to setup a scheduled report with LogAnalyzer on Debian: http://wiki.rsyslog.com/index.php/How_to_schedule_an_offline_report_with_emai l_delivery_on_Debian I hope this helps you. Best regards, Andre Lorbach > -----Original Message----- > From: phplogcon-bounces at lists.adiscon.com [mailto:phplogcon- > bounces at lists.adiscon.com] On Behalf Of Kaiwang Chen > Sent: Dienstag, 17. Mai 2011 09:34 > To: phplogcon at lists.adiscon.com > Subject: [phpLogCon] Is loganalyzer capable of generating offline report? > > Hello, > > I just evaluated loganalyzer 3.2.1 stable release. > http://loganalyzer.adiscon.com/news/loganalyzer-v3-2-1-v3-stable-released > > Fancy stuff, really. > > I experienced FortiAnalyzer serveral years ago, which is a commertial > product, closed-source and running is own hardware, dedicated to Fortinet's > products. It is capable of producting statistics reports and mailing to > configured receiver, so that one could just check his mail to notice what's > going on. > > Is loganalyzer shipped with such a feature, or is it in development plan? > > Thanks, > Kaiwang > _______________________________________________ > phpLogCon mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon > http://www.phplogcon.org From kaiwang.chen at gmail.com Tue May 17 12:52:57 2011 From: kaiwang.chen at gmail.com (Kaiwang Chen) Date: Tue, 17 May 2011 18:52:57 +0800 Subject: [phpLogCon] Is loganalyzer capable of generating offline report? In-Reply-To: References: Message-ID: So there is an admin panel I was not aware of... I noticed the admin directory: # ls admin/ charts.php fields.php index.php reports.php searches.php upgrade.php views.php dbmappings.php groups.php parsers.php result.php sources.php users.php When I tried to access http://host/admin/, it displayed: The LogAnalyzer user system is currently disabled or not installed. What's the directive to enable it? I just followed the INSTALL, and it said nothing about admin panel. Thanks, Kaiwang 2011/5/17 Andre Lorbach : > Hi, > > as promised in my last email here is a faq article describing how to setup a > scheduled report with LogAnalyzer on Debian: > http://wiki.rsyslog.com/index.php/How_to_schedule_an_offline_report_with_emai > l_delivery_on_Debian > > I hope this helps you. > > Best regards, > Andre Lorbach > >> -----Original Message----- >> From: phplogcon-bounces at lists.adiscon.com [mailto:phplogcon- >> bounces at lists.adiscon.com] On Behalf Of Kaiwang Chen >> Sent: Dienstag, 17. Mai 2011 09:34 >> To: phplogcon at lists.adiscon.com >> Subject: [phpLogCon] Is loganalyzer capable of generating offline report? >> >> Hello, >> >> I just evaluated loganalyzer 3.2.1 stable release. >> http://loganalyzer.adiscon.com/news/loganalyzer-v3-2-1-v3-stable-released >> >> Fancy stuff, really. >> >> I experienced FortiAnalyzer serveral years ago, which is a commertial >> product, closed-source and running is own hardware, dedicated to Fortinet's >> products. It is capable of producting statistics reports and mailing to >> configured receiver, so that one could just check his mail to notice what's >> going on. >> >> Is loganalyzer shipped with such a feature, or is it in development plan? >> >> Thanks, >> Kaiwang >> _______________________________________________ >> phpLogCon mailing list >> http://lists.adiscon.net/mailman/listinfo/phplogcon >> http://www.phplogcon.org > _______________________________________________ > phpLogCon mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon > http://www.phplogcon.org > From alorbach at ro1.adiscon.com Tue May 17 14:29:26 2011 From: alorbach at ro1.adiscon.com (Andre Lorbach) Date: Tue, 17 May 2011 14:29:26 +0200 Subject: [phpLogCon] Is loganalyzer capable of generating offline report? In-Reply-To: References:

Message-ID: It is called the UserDB System in LogAnalyzer and requires a Mysql Database. See this link on how to enable the UserDB System: http://wiki.rsyslog.com/index.php/How_to_to_use_convert.php_to_install_the_Us erdb-System_in_an_existing_LogAnalyzer_installation best regards, Andre > -----Original Message----- > From: Kaiwang Chen [mailto:kaiwang.chen at gmail.com] > Sent: Dienstag, 17. Mai 2011 12:53 > To: Andre Lorbach > Cc: phplogcon at lists.adiscon.com > Subject: Re: [phpLogCon] Is loganalyzer capable of generating offline report? > > So there is an admin panel I was not aware of... I noticed the admin > directory: > # ls admin/ > charts.php fields.php index.php reports.php searches.php > upgrade.php views.php > dbmappings.php groups.php parsers.php result.php sources.php > users.php > > When I tried to access http://host/admin/, it displayed: The LogAnalyzer user > system is currently disabled or not installed. What's the directive to enable it? > I just followed the INSTALL, and it said nothing about admin panel. > > > Thanks, > Kaiwang > > > 2011/5/17 Andre Lorbach : > > Hi, > > > > as promised in my last email here is a faq article describing how to > > setup a scheduled report with LogAnalyzer on Debian: > > > http://wiki.rsyslog.com/index.php/How_to_schedule_an_offline_report_wi > > th_emai > > l_delivery_on_Debian > > > > I hope this helps you. > > > > Best regards, > > Andre Lorbach > > > >> -----Original Message----- > >> From: phplogcon-bounces at lists.adiscon.com [mailto:phplogcon- > >> bounces at lists.adiscon.com] On Behalf Of Kaiwang Chen > >> Sent: Dienstag, 17. Mai 2011 09:34 > >> To: phplogcon at lists.adiscon.com > >> Subject: [phpLogCon] Is loganalyzer capable of generating offline report? > >> > >> Hello, > >> > >> I just evaluated loganalyzer 3.2.1 stable release. > >> http://loganalyzer.adiscon.com/news/loganalyzer-v3-2-1-v3-stable-rele > >> ased > >> > >> Fancy stuff, really. > >> > >> I experienced FortiAnalyzer serveral years ago, which is a commertial > >> product, closed-source and running is own hardware, dedicated to > >> Fortinet's products. It is capable of producting statistics reports > >> and mailing to configured receiver, so that one could just check his > >> mail to notice what's going on. > >> > >> Is loganalyzer shipped with such a feature, or is it in development plan? > >> > >> Thanks, > >> Kaiwang > >> _______________________________________________ > >> phpLogCon mailing list > >> http://lists.adiscon.net/mailman/listinfo/phplogcon > >> http://www.phplogcon.org > > _______________________________________________ > > phpLogCon mailing list > > http://lists.adiscon.net/mailman/listinfo/phplogcon > > http://www.phplogcon.org > > From kaiwang.chen at gmail.com Wed May 18 09:14:22 2011 From: kaiwang.chen at gmail.com (Kaiwang Chen) Date: Wed, 18 May 2011 15:14:22 +0800 Subject: [phpLogCon] Is loganalyzer capable of generating offline report? In-Reply-To: References:

Message-ID: When I turn on 'UserDBEnabled', ther server simply returns 500, without any clue in /var/log/messages, /var/log/httpd/error_log. $CFG['UserDBEnabled'] = true; $CFG['UserDBServer'] = 'localhost'; $CFG['UserDBPort'] = 3306; $CFG['UserDBName'] = 'loganalyzer'; $CFG['UserDBPref'] = 'logcon_'; $CFG['UserDBUser'] = 'root'; $CFG['UserDBPass'] = ''; $CFG['UserDBLoginRequired'] = false; $CFG['UserDBConvertAllowed'] = true; I have already done "chown -R /var/www/html apache.apache", and the mysqld is running with empty password listening on both 3306 and the default /var/lib/mysql/mysql.sock(It made no difference when using 127.0.0.1) So what am I missing? Should the schema be created beforehand ? Then, what's it? It is really frustrating to get 500 without any clue, even with *Debug* in config.php turned on. Thanks, Kaiwang 2011/5/17 Andre Lorbach : > It is called the UserDB System in LogAnalyzer and requires a Mysql Database. > See this link on how to enable the UserDB System: > http://wiki.rsyslog.com/index.php/How_to_to_use_convert.php_to_install_the_Us > erdb-System_in_an_existing_LogAnalyzer_installation > > best regards, > Andre > >> -----Original Message----- >> From: Kaiwang Chen [mailto:kaiwang.chen at gmail.com] >> Sent: Dienstag, 17. Mai 2011 12:53 >> To: Andre Lorbach >> Cc: phplogcon at lists.adiscon.com >> Subject: Re: [phpLogCon] Is loganalyzer capable of generating offline > report? >> >> So there is an admin panel I was not aware of... ?I noticed the admin >> directory: >> # ls admin/ >> charts.php ? ? ?fields.php ?index.php ? ?reports.php ?searches.php >> upgrade.php ?views.php >> dbmappings.php ?groups.php ?parsers.php ?result.php ? sources.php >> users.php >> >> When I tried to access http://host/admin/, it displayed: The LogAnalyzer > user >> system is currently disabled or not installed. What's the directive to > enable it? >> I just followed the INSTALL, and it said nothing about admin panel. >> >> >> Thanks, >> Kaiwang >> >> >> 2011/5/17 Andre Lorbach : >> > Hi, >> > >> > as promised in my last email here is a faq article describing how to >> > setup a scheduled report with LogAnalyzer on Debian: >> > >> http://wiki.rsyslog.com/index.php/How_to_schedule_an_offline_report_wi >> > th_emai >> > l_delivery_on_Debian >> > >> > I hope this helps you. >> > >> > Best regards, >> > Andre Lorbach >> > >> >> -----Original Message----- >> >> From: phplogcon-bounces at lists.adiscon.com [mailto:phplogcon- >> >> bounces at lists.adiscon.com] On Behalf Of Kaiwang Chen >> >> Sent: Dienstag, 17. Mai 2011 09:34 >> >> To: phplogcon at lists.adiscon.com >> >> Subject: [phpLogCon] Is loganalyzer capable of generating offline > report? >> >> >> >> Hello, >> >> >> >> I just evaluated loganalyzer 3.2.1 stable release. >> >> http://loganalyzer.adiscon.com/news/loganalyzer-v3-2-1-v3-stable-rele >> >> ased >> >> >> >> Fancy stuff, really. >> >> >> >> I experienced FortiAnalyzer serveral years ago, which is a commertial >> >> product, closed-source and running is own hardware, dedicated to >> >> Fortinet's products. It is capable of producting statistics reports >> >> and mailing to configured receiver, so that one could just check his >> >> mail to notice what's going on. >> >> >> >> Is loganalyzer shipped with such a feature, or is it in development > plan? >> >> >> >> Thanks, >> >> Kaiwang >> >> _______________________________________________ >> >> phpLogCon mailing list >> >> http://lists.adiscon.net/mailman/listinfo/phplogcon >> >> http://www.phplogcon.org >> > _______________________________________________ >> > phpLogCon mailing list >> > http://lists.adiscon.net/mailman/listinfo/phplogcon >> > http://www.phplogcon.org >> > > From alorbach at ro1.adiscon.com Wed May 18 10:08:50 2011 From: alorbach at ro1.adiscon.com (Andre Lorbach) Date: Wed, 18 May 2011 10:08:50 +0200 Subject: [phpLogCon] Is loganalyzer capable of generating offline report? In-Reply-To: References:

Message-ID: Perhaps you should try to do a clean installation, or enable php error output in your php.ini. Best regards, Andre Lorbach > -----Original Message----- > From: Kaiwang Chen [mailto:kaiwang.chen at gmail.com] > Sent: Mittwoch, 18. Mai 2011 09:14 > To: Andre Lorbach > Cc: phplogcon at lists.adiscon.com > Subject: Re: [phpLogCon] Is loganalyzer capable of generating offline report? > > When I turn on 'UserDBEnabled', ther server simply returns 500, without any > clue in /var/log/messages, /var/log/httpd/error_log. > > $CFG['UserDBEnabled'] = true; > $CFG['UserDBServer'] = 'localhost'; > $CFG['UserDBPort'] = 3306; > $CFG['UserDBName'] = 'loganalyzer'; > $CFG['UserDBPref'] = 'logcon_'; > $CFG['UserDBUser'] = 'root'; > $CFG['UserDBPass'] = ''; > $CFG['UserDBLoginRequired'] = false; > $CFG['UserDBConvertAllowed'] = true; > > I have already done "chown -R /var/www/html apache.apache", and the > mysqld is running with empty password listening on both 3306 and the > default /var/lib/mysql/mysql.sock(It made no difference when using > 127.0.0.1) So what am I missing? Should the schema be created beforehand > ? Then, what's it? It is really frustrating to get 500 without any clue, even with > *Debug* in config.php turned on. > > > Thanks, > Kaiwang > > > 2011/5/17 Andre Lorbach : > > It is called the UserDB System in LogAnalyzer and requires a Mysql > Database. > > See this link on how to enable the UserDB System: > > > http://wiki.rsyslog.com/index.php/How_to_to_use_convert.php_to_install > > _the_Us erdb-System_in_an_existing_LogAnalyzer_installation > > > > best regards, > > Andre > > > >> -----Original Message----- > >> From: Kaiwang Chen [mailto:kaiwang.chen at gmail.com] > >> Sent: Dienstag, 17. Mai 2011 12:53 > >> To: Andre Lorbach > >> Cc: phplogcon at lists.adiscon.com > >> Subject: Re: [phpLogCon] Is loganalyzer capable of generating offline > > report? > >> > >> So there is an admin panel I was not aware of... I noticed the admin > >> directory: > >> # ls admin/ > >> charts.php fields.php index.php reports.php searches.php > >> upgrade.php views.php dbmappings.php groups.php parsers.php > >> result.php sources.php users.php > >> > >> When I tried to access http://host/admin/, it displayed: The > >> LogAnalyzer > > user > >> system is currently disabled or not installed. What's the directive > >> to > > enable it? > >> I just followed the INSTALL, and it said nothing about admin panel. > >> > >> > >> Thanks, > >> Kaiwang > >> > >> > >> 2011/5/17 Andre Lorbach : > >> > Hi, > >> > > >> > as promised in my last email here is a faq article describing how > >> > to setup a scheduled report with LogAnalyzer on Debian: > >> > > >> > http://wiki.rsyslog.com/index.php/How_to_schedule_an_offline_report_w > >> i > >> > th_emai > >> > l_delivery_on_Debian > >> > > >> > I hope this helps you. > >> > > >> > Best regards, > >> > Andre Lorbach > >> > > >> >> -----Original Message----- > >> >> From: phplogcon-bounces at lists.adiscon.com [mailto:phplogcon- > >> >> bounces at lists.adiscon.com] On Behalf Of Kaiwang Chen > >> >> Sent: Dienstag, 17. Mai 2011 09:34 > >> >> To: phplogcon at lists.adiscon.com > >> >> Subject: [phpLogCon] Is loganalyzer capable of generating offline > > report? > >> >> > >> >> Hello, > >> >> > >> >> I just evaluated loganalyzer 3.2.1 stable release. > >> >> http://loganalyzer.adiscon.com/news/loganalyzer-v3-2-1-v3-stable-r > >> >> ele > >> >> ased > >> >> > >> >> Fancy stuff, really. > >> >> > >> >> I experienced FortiAnalyzer serveral years ago, which is a > >> >> commertial product, closed-source and running is own hardware, > >> >> dedicated to Fortinet's products. It is capable of producting > >> >> statistics reports and mailing to configured receiver, so that one > >> >> could just check his mail to notice what's going on. > >> >> > >> >> Is loganalyzer shipped with such a feature, or is it in > >> >> development > > plan? > >> >> > >> >> Thanks, > >> >> Kaiwang > >> >> _______________________________________________ > >> >> phpLogCon mailing list > >> >> http://lists.adiscon.net/mailman/listinfo/phplogcon > >> >> http://www.phplogcon.org > >> > _______________________________________________ > >> > phpLogCon mailing list > >> > http://lists.adiscon.net/mailman/listinfo/phplogcon > >> > http://www.phplogcon.org > >> > > > From kaiwang.chen at gmail.com Wed May 18 14:54:02 2011 From: kaiwang.chen at gmail.com (Kaiwang Chen) Date: Wed, 18 May 2011 20:54:02 +0800 Subject: [phpLogCon] Is loganalyzer capable of generating offline report? In-Reply-To: References:

Message-ID: A clean installation process revealed the cause of missing php-mysql in Step 4 - Create Tables: Fatal error: Call to undefined function mysql_connect() in /var/www/html/install.php on line 312 which could be installed with "yum install php53-mysql.x86_64" in CentOS 5.6. Maybe you would like to add some words to keep careless guys from running into my case. I selected "enable UserDB" during the install process to avoid explicit convert.php invocation afterwards. Then everything worked well as I followed How_to_schedule_an_offline_report_with_email_delivery_on_Debian. Noticed that stock mail client(mailx-8.1.1-44.2.2) did not support attachments, I used mutt instead, and created pdf reports. Thanks a lot. Kaiwang 2011/5/18 Andre Lorbach : > Perhaps you should try to do a clean installation, or enable php error output > in your php.ini. > > Best regards, > Andre Lorbach > >> -----Original Message----- >> From: Kaiwang Chen [mailto:kaiwang.chen at gmail.com] >> Sent: Mittwoch, 18. Mai 2011 09:14 >> To: Andre Lorbach >> Cc: phplogcon at lists.adiscon.com >> Subject: Re: [phpLogCon] Is loganalyzer capable of generating offline > report? >> >> When I turn on 'UserDBEnabled', ther server simply returns 500, without any >> clue in /var/log/messages, /var/log/httpd/error_log. >> >> $CFG['UserDBEnabled'] = true; >> $CFG['UserDBServer'] = 'localhost'; >> $CFG['UserDBPort'] = 3306; >> $CFG['UserDBName'] = 'loganalyzer'; >> $CFG['UserDBPref'] = 'logcon_'; >> $CFG['UserDBUser'] = 'root'; >> $CFG['UserDBPass'] = ''; >> $CFG['UserDBLoginRequired'] = false; >> $CFG['UserDBConvertAllowed'] = true; >> >> I have already done "chown -R /var/www/html apache.apache", and the >> mysqld is running with empty password listening on both 3306 and the >> default /var/lib/mysql/mysql.sock(It made no difference when using >> 127.0.0.1) ?So what am I missing? Should the schema be created beforehand >> ? Then, what's it? It is really frustrating to get 500 without any clue, > even with >> *Debug* in config.php turned on. >> >> >> Thanks, >> Kaiwang >> >> >> 2011/5/17 Andre Lorbach : >> > It is called the UserDB System in LogAnalyzer and requires a Mysql >> Database. >> > See this link on how to enable the UserDB System: >> > >> http://wiki.rsyslog.com/index.php/How_to_to_use_convert.php_to_install >> > _the_Us erdb-System_in_an_existing_LogAnalyzer_installation >> > >> > best regards, >> > Andre >> > >> >> -----Original Message----- >> >> From: Kaiwang Chen [mailto:kaiwang.chen at gmail.com] >> >> Sent: Dienstag, 17. Mai 2011 12:53 >> >> To: Andre Lorbach >> >> Cc: phplogcon at lists.adiscon.com >> >> Subject: Re: [phpLogCon] Is loganalyzer capable of generating offline >> > report? >> >> >> >> So there is an admin panel I was not aware of... ?I noticed the admin >> >> directory: >> >> # ls admin/ >> >> charts.php ? ? ?fields.php ?index.php ? ?reports.php ?searches.php >> >> upgrade.php ?views.php dbmappings.php ?groups.php ?parsers.php >> >> result.php ? sources.php users.php >> >> >> >> When I tried to access http://host/admin/, it displayed: The >> >> LogAnalyzer >> > user >> >> system is currently disabled or not installed. What's the directive >> >> to >> > enable it? >> >> I just followed the INSTALL, and it said nothing about admin panel. >> >> >> >> >> >> Thanks, >> >> Kaiwang >> >> >> >> >> >> 2011/5/17 Andre Lorbach : >> >> > Hi, >> >> > >> >> > as promised in my last email here is a faq article describing how >> >> > to setup a scheduled report with LogAnalyzer on Debian: >> >> > >> >> >> http://wiki.rsyslog.com/index.php/How_to_schedule_an_offline_report_w >> >> i >> >> > th_emai >> >> > l_delivery_on_Debian >> >> > >> >> > I hope this helps you. >> >> > >> >> > Best regards, >> >> > Andre Lorbach >> >> > >> >> >> -----Original Message----- >> >> >> From: phplogcon-bounces at lists.adiscon.com [mailto:phplogcon- >> >> >> bounces at lists.adiscon.com] On Behalf Of Kaiwang Chen >> >> >> Sent: Dienstag, 17. Mai 2011 09:34 >> >> >> To: phplogcon at lists.adiscon.com >> >> >> Subject: [phpLogCon] Is loganalyzer capable of generating offline >> > report? >> >> >> >> >> >> Hello, >> >> >> >> >> >> I just evaluated loganalyzer 3.2.1 stable release. >> >> >> http://loganalyzer.adiscon.com/news/loganalyzer-v3-2-1-v3-stable-r >> >> >> ele >> >> >> ased >> >> >> >> >> >> Fancy stuff, really. >> >> >> >> >> >> I experienced FortiAnalyzer serveral years ago, which is a >> >> >> commertial product, closed-source and running is own hardware, >> >> >> dedicated to Fortinet's products. It is capable of producting >> >> >> statistics reports and mailing to configured receiver, so that one >> >> >> could just check his mail to notice what's going on. >> >> >> >> >> >> Is loganalyzer shipped with such a feature, or is it in >> >> >> development >> > plan? >> >> >> >> >> >> Thanks, >> >> >> Kaiwang >> >> >> _______________________________________________ >> >> >> phpLogCon mailing list >> >> >> http://lists.adiscon.net/mailman/listinfo/phplogcon >> >> >> http://www.phplogcon.org >> >> > _______________________________________________ >> >> > phpLogCon mailing list >> >> > http://lists.adiscon.net/mailman/listinfo/phplogcon >> >> > http://www.phplogcon.org >> >> > >> > > From kaiwang.chen at gmail.com Wed May 18 15:01:20 2011 From: kaiwang.chen at gmail.com (Kaiwang Chen) Date: Wed, 18 May 2011 21:01:20 +0800 Subject: [phpLogCon] which log repository, mysql database or regular file? Message-ID: Hello, Actually, this is not a log analyzer issue. I am just wondering if the MySQL-way is better than simple files. Is there any discussion around? BTW, I use rsyslogd(rsyslog-3.22.1-3.el5_5.1) as log receiver. Thanks, Kaiwang From alorbach at ro1.adiscon.com Wed May 18 15:54:38 2011 From: alorbach at ro1.adiscon.com (Andre Lorbach) Date: Wed, 18 May 2011 15:54:38 +0200 Subject: [phpLogCon] which log repository, mysql database or regular file? In-Reply-To: References: Message-ID: >From your other email, it looks like that the php mysql extensions are missing. For the advanced LogAnalyzer UserDB System, a mysql db us mandatory. This does not has any effect on the logstream sources. You can still use simple logfiles as logsource instead of mysql data. Best regards, Andre Lorbach > -----Original Message----- > From: phplogcon-bounces at lists.adiscon.com [mailto:phplogcon- > bounces at lists.adiscon.com] On Behalf Of Kaiwang Chen > Sent: Mittwoch, 18. Mai 2011 15:01 > To: phplogcon at lists.adiscon.com > Subject: [phpLogCon] which log repository, mysql database or regular file? > > Hello, > > Actually, this is not a log analyzer issue. I am just wondering if the MySQL- > way is better than simple files. Is there any discussion around? > BTW, I use rsyslogd(rsyslog-3.22.1-3.el5_5.1) as log receiver. > > Thanks, > Kaiwang > _______________________________________________ > phpLogCon mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon > http://www.phplogcon.org From kaiwang.chen at gmail.com Wed May 18 17:36:06 2011 From: kaiwang.chen at gmail.com (Kaiwang Chen) Date: Wed, 18 May 2011 23:36:06 +0800 Subject: [phpLogCon] which log repository, mysql database or regular file? In-Reply-To: References: Message-ID: Yes, but I became interested in the survey of deployment. Any idea? Thanks, Kaiwang 2011/5/18 Andre Lorbach : > From your other email, it looks like that the php mysql extensions are > missing. > For the advanced LogAnalyzer UserDB System, a mysql db us mandatory. This > does not has any effect on the logstream sources. You can still use simple > logfiles as logsource instead of mysql data. > > Best regards, > Andre Lorbach > >> -----Original Message----- >> From: phplogcon-bounces at lists.adiscon.com [mailto:phplogcon- >> bounces at lists.adiscon.com] On Behalf Of Kaiwang Chen >> Sent: Mittwoch, 18. Mai 2011 15:01 >> To: phplogcon at lists.adiscon.com >> Subject: [phpLogCon] which log repository, mysql database or regular file? >> >> Hello, >> >> Actually, this is not a log analyzer issue. I am just wondering if the > MySQL- >> way is better than simple files. Is there any discussion around? >> BTW, I use rsyslogd(rsyslog-3.22.1-3.el5_5.1) as log receiver. >> >> Thanks, >> Kaiwang >> _______________________________________________ >> phpLogCon mailing list >> http://lists.adiscon.net/mailman/listinfo/phplogcon >> http://www.phplogcon.org > From alorbach at ro1.adiscon.com Thu May 19 10:10:03 2011 From: alorbach at ro1.adiscon.com (Andre Lorbach) Date: Thu, 19 May 2011 10:10:03 +0200 Subject: [phpLogCon] which log repository, mysql database or regular file? In-Reply-To: References:

Message-ID: Both have their advantages. However using a Mysql Database as log-store will improve searching and reporting performance within LogAnalyzer, as the main filtering is done by the MySQL Server. Have syslogmessages in simple files is easy to setup and sufficient for single systems with average syslog load. Best regards, Andre Lorbach > -----Original Message----- > From: Kaiwang Chen [mailto:kaiwang.chen at gmail.com] > Sent: Mittwoch, 18. Mai 2011 17:36 > To: Andre Lorbach > Cc: phplogcon at lists.adiscon.com > Subject: Re: [phpLogCon] which log repository, mysql database or regular > file? > > Yes, but I became interested in the survey of deployment. Any idea? > > Thanks, > Kaiwang > > 2011/5/18 Andre Lorbach : > > From your other email, it looks like that the php mysql extensions are > > missing. > > For the advanced LogAnalyzer UserDB System, a mysql db us mandatory. > > This does not has any effect on the logstream sources. You can still > > use simple logfiles as logsource instead of mysql data. > > > > Best regards, > > Andre Lorbach > > > >> -----Original Message----- > >> From: phplogcon-bounces at lists.adiscon.com [mailto:phplogcon- > >> bounces at lists.adiscon.com] On Behalf Of Kaiwang Chen > >> Sent: Mittwoch, 18. Mai 2011 15:01 > >> To: phplogcon at lists.adiscon.com > >> Subject: [phpLogCon] which log repository, mysql database or regular file? > >> > >> Hello, > >> > >> Actually, this is not a log analyzer issue. I am just wondering if > >> the > > MySQL- > >> way is better than simple files. Is there any discussion around? > >> BTW, I use rsyslogd(rsyslog-3.22.1-3.el5_5.1) as log receiver. > >> > >> Thanks, > >> Kaiwang > >> _______________________________________________ > >> phpLogCon mailing list > >> http://lists.adiscon.net/mailman/listinfo/phplogcon > >> http://www.phplogcon.org > > From rgerhards at hq.adiscon.com Thu May 19 12:19:12 2011 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Thu, 19 May 2011 12:19:12 +0200 Subject: [phpLogCon] which log repository, mysql database or regular file? In-Reply-To: References:

Message-ID: <9B6E2A8877C38245BFB15CC491A11DA71DE19D@GRFEXC.intern.adiscon.com> > -----Original Message----- > From: phplogcon-bounces at lists.adiscon.com [mailto:phplogcon- > bounces at lists.adiscon.com] On Behalf Of Andre Lorbach > Sent: Thursday, May 19, 2011 10:10 AM > To: Kaiwang Chen > Cc: phplogcon at lists.adiscon.com > Subject: Re: [phpLogCon] which log repository,mysql database or regular > file? > > Both have their advantages. However using a Mysql Database as log-store > will > improve searching and reporting performance within LogAnalyzer, as the > main > filtering is done by the MySQL Server. And the dual view is that from the front-end perspective (e.g. syslogd), there obviously is much more time required to get records into the database vs. flat files. There really is no general answer (except, of course, when your message rate outgrows your system's capability to do database inserts). Rainer > Have syslogmessages in simple files is easy to setup and sufficient for > single systems with average syslog load. > > Best regards, > Andre Lorbach > > > > -----Original Message----- > > From: Kaiwang Chen [mailto:kaiwang.chen at gmail.com] > > Sent: Mittwoch, 18. Mai 2011 17:36 > > To: Andre Lorbach > > Cc: phplogcon at lists.adiscon.com > > Subject: Re: [phpLogCon] which log repository, mysql database or > regular > > file? > > > > Yes, but I became interested in the survey of deployment. Any idea? > > > > Thanks, > > Kaiwang > > > > 2011/5/18 Andre Lorbach : > > > From your other email, it looks like that the php mysql extensions > are > > > missing. > > > For the advanced LogAnalyzer UserDB System, a mysql db us > mandatory. > > > This does not has any effect on the logstream sources. You can > still > > > use simple logfiles as logsource instead of mysql data. > > > > > > Best regards, > > > Andre Lorbach > > > > > >> -----Original Message----- > > >> From: phplogcon-bounces at lists.adiscon.com [mailto:phplogcon- > > >> bounces at lists.adiscon.com] On Behalf Of Kaiwang Chen > > >> Sent: Mittwoch, 18. Mai 2011 15:01 > > >> To: phplogcon at lists.adiscon.com > > >> Subject: [phpLogCon] which log repository, mysql database or > regular > file? > > >> > > >> Hello, > > >> > > >> Actually, this is not a log analyzer issue. I am just wondering if > > >> the > > > MySQL- > > >> way is better than simple files. Is there any discussion around? > > >> BTW, I use rsyslogd(rsyslog-3.22.1-3.el5_5.1) as log receiver. > > >> > > >> Thanks, > > >> Kaiwang > > >> _______________________________________________ > > >> phpLogCon mailing list > > >> http://lists.adiscon.net/mailman/listinfo/phplogcon > > >> http://www.phplogcon.org > > > > _______________________________________________ > phpLogCon mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon > http://www.phplogcon.org From kaiwang.chen at gmail.com Thu May 19 18:14:22 2011 From: kaiwang.chen at gmail.com (Kaiwang Chen) Date: Fri, 20 May 2011 00:14:22 +0800 Subject: [phpLogCon] which log repository, mysql database or regular file? In-Reply-To: <9B6E2A8877C38245BFB15CC491A11DA71DE19D@GRFEXC.intern.adiscon.com> References:

<9B6E2A8877C38245BFB15CC491A11DA71DE19D@GRFEXC.intern.adiscon.com> Message-ID: Great. I'd better use mysql to store logs, otherwise I should have to maintain both a mysql instance for UserDB and plain file repository. Thanks, Kaiwang 2011/5/19 Rainer Gerhards : >> -----Original Message----- >> From: phplogcon-bounces at lists.adiscon.com [mailto:phplogcon- >> bounces at lists.adiscon.com] On Behalf Of Andre Lorbach >> Sent: Thursday, May 19, 2011 10:10 AM >> To: Kaiwang Chen >> Cc: phplogcon at lists.adiscon.com >> Subject: Re: [phpLogCon] which log repository,mysql database or regular >> file? >> >> Both have their advantages. However using a Mysql Database as log-store >> will >> improve searching and reporting performance within LogAnalyzer, as the >> main >> filtering is done by the MySQL Server. > > And the dual view is that from the front-end perspective (e.g. syslogd), > there obviously is much more time required to get records into the database > vs. flat files. There really is no general answer (except, of course, when > your message rate outgrows your system's capability to do database inserts). > > Rainer > >> Have syslogmessages in simple files is easy to setup and sufficient for >> single systems with average syslog load. >> >> Best regards, >> Andre Lorbach >> >> >> > -----Original Message----- >> > From: Kaiwang Chen [mailto:kaiwang.chen at gmail.com] >> > Sent: Mittwoch, 18. Mai 2011 17:36 >> > To: Andre Lorbach >> > Cc: phplogcon at lists.adiscon.com >> > Subject: Re: [phpLogCon] which log repository, mysql database or >> regular >> > file? >> > >> > Yes, but I became interested in the survey of deployment. Any idea? >> > >> > Thanks, >> > Kaiwang >> > >> > 2011/5/18 Andre Lorbach : >> > > From your other email, it looks like that the php mysql extensions >> are >> > > missing. >> > > For the advanced LogAnalyzer UserDB System, a mysql db us >> mandatory. >> > > This does not has any effect on the logstream sources. You can >> still >> > > use simple logfiles as logsource instead of mysql data. >> > > >> > > Best regards, >> > > Andre Lorbach >> > > >> > >> -----Original Message----- >> > >> From: phplogcon-bounces at lists.adiscon.com [mailto:phplogcon- >> > >> bounces at lists.adiscon.com] On Behalf Of Kaiwang Chen >> > >> Sent: Mittwoch, 18. Mai 2011 15:01 >> > >> To: phplogcon at lists.adiscon.com >> > >> Subject: [phpLogCon] which log repository, mysql database or >> regular >> file? >> > >> >> > >> Hello, >> > >> >> > >> Actually, this is not a log analyzer issue. I am just wondering if >> > >> the >> > > MySQL- >> > >> way is better than simple files. Is there any discussion around? >> > >> BTW, I use rsyslogd(rsyslog-3.22.1-3.el5_5.1) as log receiver. >> > >> >> > >> Thanks, >> > >> Kaiwang >> > >> _______________________________________________ >> > >> phpLogCon mailing list >> > >> http://lists.adiscon.net/mailman/listinfo/phplogcon >> > >> http://www.phplogcon.org >> > > >> _______________________________________________ >> phpLogCon mailing list >> http://lists.adiscon.net/mailman/listinfo/phplogcon >> http://www.phplogcon.org > From kaiwang.chen at gmail.com Tue May 17 09:34:27 2011 From: kaiwang.chen at gmail.com (Kaiwang Chen) Date: Tue, 17 May 2011 15:34:27 +0800 Subject: [phpLogCon] Is loganalyzer capable of generating offline report? Message-ID: Hello, I just evaluated loganalyzer 3.2.1 stable release. http://loganalyzer.adiscon.com/news/loganalyzer-v3-2-1-v3-stable-released Fancy stuff, really. I experienced FortiAnalyzer serveral years ago, which is a commertial product, closed-source and running is own hardware, dedicated to Fortinet's products. It is capable of producting statistics reports and mailing to configured receiver, so that one could just check his mail to notice what's going on. Is loganalyzer shipped with such a feature, or is it in development plan? Thanks, Kaiwang From alorbach at ro1.adiscon.com Tue May 17 11:31:11 2011 From: alorbach at ro1.adiscon.com (Andre Lorbach) Date: Tue, 17 May 2011 11:31:11 +0200 Subject: [phpLogCon] Is loganalyzer capable of generating offline report? In-Reply-To: References: Message-ID: Hi, as promised in my last email here is a faq article describing how to setup a scheduled report with LogAnalyzer on Debian: http://wiki.rsyslog.com/index.php/How_to_schedule_an_offline_report_with_emai l_delivery_on_Debian I hope this helps you. Best regards, Andre Lorbach > -----Original Message----- > From: phplogcon-bounces at lists.adiscon.com [mailto:phplogcon- > bounces at lists.adiscon.com] On Behalf Of Kaiwang Chen > Sent: Dienstag, 17. Mai 2011 09:34 > To: phplogcon at lists.adiscon.com > Subject: [phpLogCon] Is loganalyzer capable of generating offline report? > > Hello, > > I just evaluated loganalyzer 3.2.1 stable release. > http://loganalyzer.adiscon.com/news/loganalyzer-v3-2-1-v3-stable-released > > Fancy stuff, really. > > I experienced FortiAnalyzer serveral years ago, which is a commertial > product, closed-source and running is own hardware, dedicated to Fortinet's > products. It is capable of producting statistics reports and mailing to > configured receiver, so that one could just check his mail to notice what's > going on. > > Is loganalyzer shipped with such a feature, or is it in development plan? > > Thanks, > Kaiwang > _______________________________________________ > phpLogCon mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon > http://www.phplogcon.org From kaiwang.chen at gmail.com Tue May 17 12:52:57 2011 From: kaiwang.chen at gmail.com (Kaiwang Chen) Date: Tue, 17 May 2011 18:52:57 +0800 Subject: [phpLogCon] Is loganalyzer capable of generating offline report? In-Reply-To: References: Message-ID: So there is an admin panel I was not aware of... I noticed the admin directory: # ls admin/ charts.php fields.php index.php reports.php searches.php upgrade.php views.php dbmappings.php groups.php parsers.php result.php sources.php users.php When I tried to access http://host/admin/, it displayed: The LogAnalyzer user system is currently disabled or not installed. What's the directive to enable it? I just followed the INSTALL, and it said nothing about admin panel. Thanks, Kaiwang 2011/5/17 Andre Lorbach : > Hi, > > as promised in my last email here is a faq article describing how to setup a > scheduled report with LogAnalyzer on Debian: > http://wiki.rsyslog.com/index.php/How_to_schedule_an_offline_report_with_emai > l_delivery_on_Debian > > I hope this helps you. > > Best regards, > Andre Lorbach > >> -----Original Message----- >> From: phplogcon-bounces at lists.adiscon.com [mailto:phplogcon- >> bounces at lists.adiscon.com] On Behalf Of Kaiwang Chen >> Sent: Dienstag, 17. Mai 2011 09:34 >> To: phplogcon at lists.adiscon.com >> Subject: [phpLogCon] Is loganalyzer capable of generating offline report? >> >> Hello, >> >> I just evaluated loganalyzer 3.2.1 stable release. >> http://loganalyzer.adiscon.com/news/loganalyzer-v3-2-1-v3-stable-released >> >> Fancy stuff, really. >> >> I experienced FortiAnalyzer serveral years ago, which is a commertial >> product, closed-source and running is own hardware, dedicated to Fortinet's >> products. It is capable of producting statistics reports and mailing to >> configured receiver, so that one could just check his mail to notice what's >> going on. >> >> Is loganalyzer shipped with such a feature, or is it in development plan? >> >> Thanks, >> Kaiwang >> _______________________________________________ >> phpLogCon mailing list >> http://lists.adiscon.net/mailman/listinfo/phplogcon >> http://www.phplogcon.org > _______________________________________________ > phpLogCon mailing list > http://lists.adiscon.net/mailman/listinfo/phplogcon > http://www.phplogcon.org > From alorbach at ro1.adiscon.com Tue May 17 14:29:26 2011 From: alorbach at ro1.adiscon.com (Andre Lorbach) Date: Tue, 17 May 2011 14:29:26 +0200 Subject: [phpLogCon] Is loganalyzer capable of generating offline report? In-Reply-To: References: