Logging: Global Search of Log Files
Add the ability to globally search all logs for matching strings from a single entry box for a specified date/time range.
This feature is planned for the UTM 9.2 release later in 2013. Stay tuned.
Paul Barret commented
I guess this still has yet to be implemented (Ver 9.3)!! I currently export all my log data out to a syslog server which I can query with ELSA; however, maybe in the case of an IR, being able to query all the logs on the UTM with a single search, e.g. an IP address, would be useful.
Any comment SOPHOS??
Any word on this? This was not implemented in 9.2.
It would be great to add this feature to help us search logs by a time range, like from 10H to 11H (for example).
Bob's idea sounds even better!
I am still missing a filter by "custom time" like "last 20 minutes" in ALL log viewers; just "today" is useless if you already have some 100 MB in a log.
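The capability requested here (one search string run across every log, restricted to a date/time range, plus the "last N minutes" filter asked for just above), as an added Python example that is not Sophos/Astaro code. It assumes UTM log lines begin with a `YYYY:MM:DD-HH:MM:SS` stamp and uses constructed sample lines with documentation-range addresses.

```python
import re
from datetime import datetime, timedelta
from pathlib import Path

# UTM log lines open with "YYYY:MM:DD-HH:MM:SS" (assumed on-box format; adjust for plain syslog).
TS_RE = re.compile(r"^(\d{4}):(\d{2}):(\d{2})-(\d{2}):(\d{2}):(\d{2})\s")

def parse_ts(line):
    """Timestamp of a line, or None for continuation/malformed lines."""
    m = TS_RE.match(line)
    return datetime(*map(int, m.groups())) if m else None

def search_logs(logs, needle, start=None, end=None):
    """Search every log (name -> lines) for `needle` within [start, end]; unstamped lines are skipped."""
    hits = []
    for name, lines in logs.items():
        for lineno, line in enumerate(lines, 1):
            ts = parse_ts(line)
            if ts is None or (start and ts < start) or (end and ts > end):
                continue
            if needle in line:
                hits.append((name, lineno, ts, line.rstrip()))
    hits.sort(key=lambda h: h[2])  # one timeline across all files
    return hits

def last_minutes(minutes, now=None):
    now = now or datetime.now()  # injectable so tests are deterministic
    return now - timedelta(minutes=minutes), now

def load_log_dir(path):  # read every *.log in a directory into the dict search_logs() expects
    return {p.name: p.read_text(errors="replace").splitlines() for p in Path(path).glob("*.log")}

# Constructed sample data in the assumed UTM format (documentation-range IPs, not real traffic).
SAMPLE_LOGS = {
    "packetfilter.log": [
        '2013:06:12-10:15:02 utm ulogd[4711]: id="2001" sub="packetfilter" action="drop" srcip="203.0.113.7" dstport="22"',
        '2013:06:12-10:47:30 utm ulogd[4711]: id="2001" sub="packetfilter" action="drop" srcip="198.51.100.5" dstport="445"',
        '2013:06:12-11:05:11 utm ulogd[4711]: id="2001" sub="packetfilter" action="drop" srcip="203.0.113.7" dstport="3389"',
    ],
    "http.log": [
        '2013:06:12-10:20:44 utm httpproxy[2345]: id="0001" sub="http" srcip="203.0.113.7" url="http://example.test/"',
        'continuation line with no timestamp srcip="203.0.113.7"',
    ],
}

if __name__ == "__main__":
    s, e = datetime(2013, 6, 12, 10), datetime(2013, 6, 12, 11)
    for name, lineno, ts, line in search_logs(SAMPLE_LOGS, "203.0.113.7", s, e):
        print(f"{ts} {name}:{lineno} {line}")
```

On a real box, replace `SAMPLE_LOGS` with `load_log_dir("/path/to/logs")` (path is an assumption) and pass `last_minutes(20)` as the window.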
Bob Alfson commented
Instead of a global search, I'd prefer the ability to hold down the Ctrl key to select a specific combination of files.
It would be useful.
Christopher Thorjussen commented
The problem here would be that Splunk only supports 500 MB of raw logs per day. More costs money, lots of money. But then again, we could always have a configurable what-to-log-to-Splunk page, with some recommended settings.
Btw, my packetfilter.log file is about 600 MB a day on my ASG7, and that's only with about 50 users and a few servers (at the office). I log everything though.
Btw2: perhaps Astaro could make a good deal with Splunk and have them make a special version for Astaro which does not support normal input/forward as it normally does (enterprise edition needed for forwarding).