The sys admin's daily grind: phpLogCon

Milking Machine 2.0

By Charly Kühnast

In last month's issue, I talked about RSyslog, a replacement for the syslog daemons [1]. Instead of referencing the standard logfiles in /var/log, RSyslog works with one or multiple databases in which it logs local results or data supplied by remote servers. I always use one database, Maillog, for the mail facility, and a second database, syslog, for all other messages.

A couple of scripts extract statistics on spam filter performance from the Maillog DB.

Quick Queries

All of this works perfectly, but it's not much use if I just need to check some information from the database quickly - for example, if a colleague is missing an email.

Or maybe I just want to know which spam filter is blocking the most mail to my address. (Incidentally, it's Backup MX, which spammers seem to favor as a general rule.) In cases like this, I turn to phpLogCon [2], a web front end for quick queries. If you happen to be sitting in front of somebody else's machine and only have access to a browser, the software gives you easy access to the most popular database queries.

phpLogCon offers simple, web-based installation and is geared for working with multiple logfiles and for multiple, authorized users.

Web Interface

The web interface could be tidier, but at least it is not totally overloaded (Figure 2).

Figure 2: The phpLogCon web might not win any beauty contests, but it does give administrators fast search results.

I can set the verbosity to between 5 and 2,000 entries per page and sort the results in ascending or descending order by date, facility, urgency, and host name.

Also, phpLogCon will highlight occurrences of a specified term in the results set.

Limiting a Search

Because I need to process fairly large logfiles, selecting the period of time I want to search is particularly useful. For example, if I already know that an error occurred some time between 2:00 and 4:00pm, it wouldn't make much sense to scour the whole log database - I can just set the search window in Manual event date selection.

Filter Options

On top of this, the Filter options let me set an urgency level (between 0 for Emergency and 7 for Debug). phpLogCon's author also kindly provides automatic updates and a readable FAQ.

What the phpLogCon web interface unfortunately does not offer is queries with multiply AND- or OR-linked search keys. For the time being, it's back to the command line for queries of this kind (see Figure 1), but on a brighter note, work on version 2.0 is in progress.

Figure 1: If phpLogCon throws in the towel in the face of complex queries, it's back to the command line for Charly.