Centralized logging of events has been an important part of the IT infrastructure for many years. It is more convenient to browse logs in a central location rather than viewing them on individual machines. Central storage is also more secure. Even if logs stored locally are altered or removed, one can still check the logs on the central log server. Compliance with different regulations also makes central logging necessary. (This is an updated version of my previous syslog-ng web gui blog.)

Central logging of events is already an important part of the IT infrastructure for many years. It is more convenient to browse logs at a central location instead of on individual machines. It is also more secure, as even if an individual machine is compromised, and local logs are altered or removed, one can still check the logs on the central log server. Compliance with different regulations also makes central logging necessary.

System administrators prefer to use the command line. Why bother with GUIs? Grep, awk & Co. are powerful tools, but for complex queries an SQL based web interface makes the job done a lot more quicker. Once there are many messages to search, it’s not just convenient, it’s a must. With thousands of incoming messages a second, the indexes of log databases still give Google like response times even for the most complex queries, while traditional text based tools don’t scale.

In this comparison of web GUIs for syslog-ng I try to cover solutions from simple scripts to browse logs through cloud logging to enterprise level applications. All of these have different strengths and weaknesses, and target different usage scenarios.