LogAnalyzer is a powerful but simple log file analysis tool. The upstream web site gives an online demo.
It is developed in PHP, runs in Apache and has no other dependencies such as databases - it can read directly from the log files.
For efficiency, however, it can read from a database instead, and it is now trivial to make it work with MongoDB on Debian.
Using a database (including MongoDB and SQL backends) also means that severity codes (debug/info/notice/warn/error/...) are retained. These are not available from many log files. The UI can only colour-code and filter the messages by severity if it has a database backend.
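The severity travels in the PRI prefix of each syslog message (facility * 8 + severity), and rsyslog's traditional file format does not write that prefix to disk. The following is an added example, not code from LogAnalyzer or rsyslog, that decodes the prefix and filters on it; the sample messages are constructed and the record field names are hypothetical.

```python
import re

# Syslog severity names, indexed by numeric code (0 = most severe).
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

# Constructed sample messages as they arrive on the wire, PRI included.
WIRE = [
    "<38>Feb  3 10:15:01 host1 sshd[811]: Accepted publickey for alice",
    "<35>Feb  3 10:15:07 host1 sshd[812]: error: PAM: Authentication failure",
    "<191>Feb  3 10:15:09 host1 myapp[90]: cache miss for key 17",
]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def parse(line):
    """Split a wire-format message into facility, severity and the rest."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI: %r" % line)
    pri = int(m.group(1))
    # Field names here are hypothetical, chosen for this example only.
    return {"facility": pri >> 3, "severity": pri & 7,
            "level": SEVERITIES[pri & 7], "text": m.group(2)}


def as_file_line(record):
    """What a traditional log file keeps: the text without the PRI."""
    return record["text"]


def at_least(records, level):
    """Records at `level` or more severe (lower code = more severe)."""
    limit = SEVERITIES.index(level)
    return [r for r in records if r["severity"] <= limit]


if __name__ == "__main__":
    records = [parse(line) for line in WIRE]
    for r in records:
        print("%-7s | %s" % (r["level"], as_file_line(r)))
    print(len(at_least(records, "err")), "record(s) at err or worse")
```

Once a message has been reduced to the output of `as_file_line`, the severity cannot be recovered from it, which is why filtering like `at_least` needs a backend that stored it.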
Quick start with MongoDB
The version of rsyslog in Debian wheezy does not support MongoDB output. It is necessary to grab 7.4.8 from backports.
Some versions, up to 7.4.4 in backports, had bugs with MongoDB support - if you tried those, please try again now.
The backported rsyslog is a drop-in replacement for the standard rsyslog package, and users with a default configuration are unlikely to notice any difference. For users who customized the configuration, as always, make a backup before trying the new version.
- Install all the necessary packages: apt-get install rsyslog-mongodb php5-mongo mongodb-server
- Add the following to /etc/rsyslog.conf:
    module (load="ommongodb")
    *.* action(type="ommongodb" server="127.0.0.1" db="logs" collection="syslog")
- Look for the MongoDB settings in /etc/loganalyzer/config.php and uncomment them. Comment out the stuff for disk log access.
- Restart rsyslog and then browse your logs at http://localhost/loganalyzer