tyler.durden/loganalyzer
1
0
Fork 0
mirror of https://github.com/rsyslog/loganalyzer.git synced 2025-09-13 04:58:16 +02:00
Code Issues Packages Projects Releases Wiki Activity

improved doc

Browse Source
This commit is contained in:
Rainer Gerhards 2008-10-14 18:05:43 +02:00
parent 9c766f7c9c
commit 2e22324ee9
4 changed files with 105 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/basics.html
View File

@ -38,7 +38,10 @@ do anything special.
<p>With phpLogCon, you can search any datasource for a variety of properties.
By default, text is searched within the msg part of the message. However, quite
complex searches can be performed. It is suggested to use the "advanced search"
button to build these. Note that searches are done via http get requests. That
button to build these. Alternatively, you can also review the
<a href="searching">&quot;phpLogCon search syntax&quot;</a> documentation to see how
to craft complex searches manually.
<p>Note that searches are done via http get requests. That
means you can copy and paste an url (or bookmark and email it) and that URL
will contain a complete source. This is actually a great way to send searches
to a co-worker or have some automatted process (eg via cron &quot; wget) pull specific

3
doc/manual.html
View File

@ -21,12 +21,15 @@ example those that are written by the syslgod.
<li><a href="basics.html">phpLogCon basics <b>Important - read this!</b></a></li>
<li><a href="searching.html">phpLogCon Search syntax</a></li>
<li><xa href="">phpLogCon configuration parameters</a></li>
<li><a href="textfiles.html">working with text log files</a></li>
<li><a href="windowsevent.html">using Windows Event Logs with phpLogCon</a></li>
<li><a href="troubleshoot.html">troubleshooting phpLogCon problems</a></li>
<li><a href="professional_services.html">phpLogCon professional services</a></li>
</ul>
<p><b>We have some in-depth papers on</b></p>
<ul>
<li><a href="build_from_repo.html">obtaining phpLogCon from the source repository</a></li>
<li><a href="http://www.mwagent.com/Common/en/Articles/setup_mwagent_webserverlogging_phplogcon_mysql.php">consolidating web server logs and viewing them with phpLogCon [Windows/Apache]</a></li>
<!--
<li><a href="install.html">installing phpLogCon</a></li>
<li><a href="debug.html">debug support in rsyslog</a></li>

64
doc/textfiles.html Normal file
View File

@ -0,0 +1,64 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<title>Using text log files with phpLogCon</title>
</head>
<body>
<h1>Using text log files with phpLogCon</h1>
<p><b>PhpLogcon natively supports operting on text log files.</b> So there
is no need to put log data into databases. Each approach has advantages
and disadvantages, which we will not discuss in this paper. Here, we focus
on how text log files are supported.
<p>We assume that the reader is familiar with <a href="basics.html">basic
phpLogCon concepts</a>. If you are not, get aquainted to them, first.
<h2>Requirements for text log files </h2>
<p>PhpLogCon can operate on any standard text log file, that means a file that
purely consists of printable characters and uses LF (linefeed, newline) characters
as log line terminators. Most importantly, this includes standard syslog files
as well as web server and other application logs.
<p>A data source is defined to pull data from a text log file. Note that only a single
text log file can be contained in any data source.
<h2>Working with text log files</h2>
<p><b>Text log files are just regular data sources. You can work with them like
with any other data sources, for example, you can browse them, search them,
generate graphics from the or base reports on their content.</b> Depending on the
size of the text log and on the operation being performed, performance may be
worse or even better than with using database-based data sources. For typical
operations and typical text file sizes, performance should be quite well.
<p>Note that some options make limited sense when working with text log files.
For example, you may set a filter with a broad date range, but the text log
file will, for obvious reasons, only provide what is currently contained in it.
For typical syslog files, that will probably mean they contain maximum one
day's data.
<h2>Use Cases for Text Log Files</h2>
<p>A typical use case is in a hosting environment. There, phpLogCon may
be used to do an online review of log data, via the web and without the need
to log into an SSH session. This can be very handy to learn what is currently
going on or, for example, to verify if an important mail left your system.
<p>Another use case is that you would like to keep an eye on some local text files,
for example while debugging an installation. Instead of reconfiguring your whole
logging system, you can set up a phpLogCon instance and point it to the log files
in question. Keep in mind that you are not restricted to syslog files. For example,
you may want to add additional application text log files as data sources as well.
With the cross-datasource search capability, you can quickly follow events across
the boundaries of log servers.
<p>For secuity sensitive-environments, the access to phpLogCon can be protected
by several levels, e.g. user authentication or IP ranges at the firewall or
http server level. Also, one may consider to activate a phpLogCon instance only
when actually needed to do troubleshooting and keep it "turned off" at other times.
The beauty of text log files is that you do not need to reconfigure the whole
logging system to do so. All that is needed is to disable the web site inside
the http server.
<p>[<a href="manual.html">manual index</a>] [<a href="http://www.phplogcon.com/">phpLogCon site</a>]</p>
<p><font size="2">This documentation is part of the
<a href="http://www.phplogcon.com/">phpLogCon</a>
project.<br>
Copyright &copy; 2008 by
<a href="http://www.adiscon.com/">Adiscon</a>.
Released under the GNU GPL version 3 or higher.</font></p>
</body></html>

34
doc/windowsevent.html Normal file
View File

@ -0,0 +1,34 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<title>Using Windows Event Logs with phpLogCon</title>
</head>
<body>
<h1>Using Windows Event Logs with phpLogCon</h1>
<p>phpLogCon provides a message parser that understand Windows Event Log entries
in Adiscon common format. With that parser, all Windows event log properties can be
easily accessed, displayed and searched for.
<h2>How to get hold of the Windows Event Log Data</h2>
<p>phpLogCon does not (yet) provide a data source driver to natively pull the log entries
from the Windows event logs. So it needs to be delivered to it. This can be done with
Adiscon's <a href="http://www.eventreporter.com">EventReporter</a> or
<a href="http://www.mwagent.com">MonitorWare Agent</a> software. These Agents are
excuted either on each Windows machine (or a single machine doing remote monitoring)
and the events extracted are written to phpLogCon's datasource (either a file or
database). Depending on your network setup, you may have some intermediate systems,
in which case the actual write to the data source is done by something like
<a href="http://www.winsyslog.com">WinSyslog</a> or <a href="http://www.rsyslog.com">rsyslog</a>.
<p>Once the data is inside the data source, the event log subparser does the rest. Together
with proper view defininitions, it provides a native-like view and search capability of
that data. Please note that Windows Event Log Fields can also be used as sources for
drawing graphics.
<p>[<a href="manual.html">manual index</a>] [<a href="http://www.phplogcon.com/">phpLogCon site</a>]</p>
<p><font size="2">This documentation is part of the
<a href="http://www.phplogcon.com/">phpLogCon</a>
project.<br>
Copyright &copy; 2008 by
<a href="http://www.adiscon.com/">Adiscon</a>.
Released under the GNU GPL version 3 or higher.</font></p>
</body></html>