2

I am looking into writing my application's log files to a syslog server in addition to plain old log files.

Are there any alternatives to syslogd? Currently we do not run any Linux servers, so it would be ideal if I could find a Windows solution so that I would not need to worry about an addition machine (even if that is only a VM).

What are good products for log visualization? I've come across logfaces, but would like to know other solutions.

Not sure if it matters, but we are using log4j.

Pablo
  • 2,054
  • 8
  • 30
  • 56

3 Answers3

1

Are there any alternatives to syslogd? Currently we do not run any Linux servers, so it would be ideal if I could find a Windows solution so that I would not need to worry about an addition machine

3CDaemon utilities include a syslog server (along with FTP/TFTP servers etc).It is for Windows and it is free.
3CDaemon Utilities-Windows

Not sure if it matters, but we are using log4j.

I have tried SyslogAppender with 3CDaemon and it works. You can try it.

Cratylus
  • 52,998
  • 69
  • 209
  • 339
1

There is some thin line between so called "system log" and "application log". I don't think syslog is a good idea for application logs, I think syslog fits better system related info (as the name goes), - the stuff around your own application which helps your application go - the infrastructure, drivers, services, daemons, guys like that. I could be wrong though.., not sure there are written rules about it, just using common sense.

I would definitely advise against windows EventLog as a medium for application logs. Usually what you want to write into EventLog is that "system" stuff you would normally write into syslog - service started, service died, driver failed, etc. I wouldn't place any internal application traces into there.

If you have difficulties with logFaces, please jot me a line (I'm its author)

Dima
  • 4,068
  • 4
  • 38
  • 47
  • I don't have any difficulties with logFaces, as I haven't tried it yet. Just wanted to see alternatives. As "application vs system", my app is so massively large that it is a system by itself. Thus the need for a dedicated log solution to pull all parts together. – Pablo Feb 15 '11 at 19:59
  • I didn't mean the size, rather the content. There are tools which would consolidate any type of logs into one giant indexed store - Splunk comes to mind, or XpoLog... – Dima Feb 15 '11 at 21:42
  • Actually syslog is very suitable for applications.The idea behind this is that the app can send real-time log data to the server for the administrator to inspect on the spot. It is not about sending log related to technical aspects of your applications.Rather information relating to various actions e.g. alerts, audit logs etc – Cratylus Feb 15 '11 at 22:11
  • @user384706: well, yes, some of it probably will work. But again, it depends. If you want to track execution logic, threads, context information, source code origin of the message, exception stack traces, or apply rules for formatting the layout of your log statements - I'd say syslog isn't there. But often application can decide which logs go where - some go for admin attention, some go for developer, etc. For example using log4j appenders the application can control what goes where. Sure you can dump everything together.. No law against this, it's just hard to deal with after. – Dima Feb 16 '11 at 08:05
0

If you're Windows only, surly the Windows EventLog would be more appropriate than syslog.

Log4J has the NTEventLogAppender for this purpose

nos
  • 223,662
  • 58
  • 417
  • 506
  • The reason we are considering syslog instead of Event Log is that we want to consolidate all log files from all services we are running (some 3rd party) to a unique place, and some will not support Event logs. – Pablo Feb 14 '11 at 21:06
  • @pablo How so - you mean that other stuff does only have syslog support - while runnign on windows, and are not using some pluggable logging api like log4j ? – nos Feb 14 '11 at 21:27
  • Yes. Some libraries write are just logging to arbitrary log files. – Pablo Feb 15 '11 at 20:00