All,
I need to analyze a huge amount of Apache logs.
Now I had the idea to import them into LEM.
Any idea how to get this done?
Thank you in advance
Heiko
There are limitations to feeding data into LEM after the fact - the most notable of which is that all your data will be searched and reported based on Detection Time and the time on the appliance, though the Insertion Time value (original log version) WILL be collected and shown.
If you want to do this: On a system you DO have access to, create an Apache Access log connector and have it reference an empty file. Open the empty file and paste your log contents into it (or on unix, cat original-log.log >> empty-log.log). The data will come in as fast as it possibly can be read, with DetectionTime values that are very similar, but you can search for specific data or report on it. It won't be useful against your rules because the data will be too old, but will show up in filters also.
You will need to install the LEM agent on the boxes with the Apache logs and then configure the Apache connector for the Apache logs on those systems from the LEM console.
Hope this helps!
Thank you,
in this case this is impossible. We got the logfiles from our hosting provider and we now need to analyze them without having direct access to the physical boxes.
/Heiko
Thank you for the nice workaround....
byrona and jhynds, is the importing of files process still about the same as June 2013 when Apache Access log connectors were the only way to bring files into LEM offline (vs arriving as syslog over the network)? Same limitations?