Unified logs - ORF Forums

Unified logs RSS Back to forum


So, now we can external SQL with multi-server usage, may be you update ORF to use SQL also for unified logs?

by SimWhite 6 years ago

@SimWhite: We will probably add some sort of support for unified log views in the upcoming versions, although SQL storage is an unlikely candidate for a number of reasons, such as difficulty of setup, inefficient storage or performance challenges.

We are still compiling the feature set of ORF 5.1, but one feature candidate is a simple change that would allow the ORF Log Viewer to scan into subdirectories for logs. This would enable symlinking (http://en.wikipedia.org/wiki/NTFS_symbolic_link) log directories from multiple servers into a single local or network location as subdirectories, as long as the servers see each other on SMB. It is not very user-friendly, but it is a workaround that can be done quickly until the real thing arrives. This specific feature can be voted at http://vamsoft.com/support/feature-requests/log-viewer-load-log-files-from-multiple-servers.

by Péter Karsai (Vamsoft) 6 years ago
(in reply to this post)


"as long as the servers see each other on SMB"
Thats something I would not like in a DMZ.
Having SQL for greylisting aso would probably recommend storing logs/reports there to (at least as an option).

by n.fehlauer 6 years ago

@n.fehlauer: I understand your reasoning and how using SMB can be a security/configuration concern. However, SQL -- as promising choice as it may appear -- is probably not the answer, because it is not meant for mass data download (it is more for sorting, searching and reducing the data set on the server-side). Not that ORF would bring down a reasonably well-setup MSSQL instance, but it'd be rather inefficient and slow to transfer and load huge datasets. We employ high-performance file access and much optimized log parsing to achive the current performance, this would surely and significantly suffer over SQL.

The new remote administration feature could serve as basis to load logs from multiple servers, though (that'd be the "real thing" I talked about in my previous post).

by Péter Karsai (Vamsoft) 6 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2