Log repository archival searches
Posted: Mon Jul 20, 2020 12:00 pm
Good morning Nagios team,
Would you ever consider creating a secondary application that would allow Log Server administrators to perform archival searches of non-live logs? For example, currently, due to storage restrictions, we're only able to keep roughly 30 days of live logs to perform searches against. Anything older needs to be manually reloaded into the console. We retain 2 years of logs per our agency policy, so if we need to go back, say, 18 months, it creates a lot of overhead work for the Log Server admin team and in most cases can be a slow process.
I know Exchange has a mail archiver that allows for rapid search-only processes against e-mail databases. I was wondering if you have ever considered implementing something like that for Log Server. A "search only" console where all the resources are devoted entirely to performing searches against a log repository.
Maybe something like that already exists? I don't know, but it would be really cool to have if it doesn't.