06. July 2006

I recently ran across this ridiculously cool software package called “Splunk>”. If you work in an IT department and want to centralize your viewing of log files for Solaris, Linux, BSD, and Windows, Splunk> is the way to go. I manage several FreeBSD servers at my work, and viewing log files gets time-consuming and cumbersome at best. Splunk> indexes all log files from your designated hosts and gives you a nice web front end that is clean-looking and functional for viewing those log files.

Splunk> is expensive for the professional version, but because I have only half a dozen BSD boxes and an equal number of Windows boxes, the free version suits my environment just fine. The maximum indexing for the free version is 500 MB/day. That’s a lot of log files! In less than an hour I had Splunk> up and running on one of my higher-end BSD boxes. Yes, you will need a beast of a machine to run Splunk>. They state a minimum of 1x 1.4 GHz CPU and 1 GB RAM, but recommend 2x 2.8 GHz CPU, 4 GB RAM, and 1.5x the maximum amount of log files for disk space.

I have two servers that are getting logs indexed by Splunk>, and so far, so good. My next step is to add the Windows boxes and get those piped into Splunk> as well. One interface for viewing all log files: Splunk> just made my life a lot easier!