I am currently evaluating Sawmill for usage in several of our customers. I know you can't have several profiles merge into a meta-profile to make a report, but...
1) If I use external databases, I should be able to get the data I want from the multiple databases Sawmill creates.
Question is, do the databases have some field to indicate which machine that data is coming from (in the case of a profile that aggregates webserver logs from many machines, for example)?
2) Is there any way to trigger the update of the database for a particular profile BUT not in the Sawmill console? The idea being that you would hit a button on a portal to update the database log for a particular profile, i.e. having a "force refresh" option - be it a command-line option, web button, anything.
3) Is the above update a "smart" update - i.e. will Sawmill only read and process NEW entries in the log, or will it read the ENTIRE log then process that?
What we want is the following: Having some sort of event (let's say, mail server is down), being able to have a user generate _something_ that can show all logs on the machine (or group of machines, in case of a webserver with redundancy and load-balancing). However, these logs would be mailserver logs, Windows event logs, etc.
Usually, the user would work like this:
1) Some service, hosted by MachineA goes down.
2) User forces an update of the database for MachineA - Sawmill reads the sysLog, downedServiceLog, someOtherLog for MachineA (or in case that isn't possible, for all logs of those types).
3) A view is generated to show the past-hour (or so) of log entries for Machine A, of all log types that are monitored (sysLog, downedServiceLog, someOtherLog).
I believe you can easily view the usefulness of this.