What’s a good log viewer for e.g. apache, postfix, syslog

log-files logging reporting

Various processes log in various formats to various locations with various roll-over logic in /var/log.

I'd like a log-viewer that can handle a decent quantity of data, join roll-over log files, and ideally could even interleave log records to get a timeline of what happened on the machine.

For example, I saw a CPU usage spike at a certain time this morning and I'd like to see if there's anything in any of the logs that explains it.

P.S. Yes, I realize there are configuration issues, like Apache logs can be "anything", so you'd need to tell the log viewer how to parse, and yes, I understand that interleaving is hard between products because few columns (except possibly "date" and "general message") would necessarily line up.

Best Answer

If you've got less than 500MB/day and are only monitoring a single server -- or don't mind paying, you're probably looking for Splunk.
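Added example (not part of the original question or answer): a sketch of the interleaving the question describes, normalizing Apache and syslog-style timestamps to UTC, joining rotated chunks oldest first, and keeping only events near a given time such as the CPU spike. The sample lines, the year and timezone passed to `syslog_time`, and all function names are assumptions made for this illustration.

```python
import heapq
import re
from datetime import datetime, timedelta, timezone

# Apache common/combined format carries a full timestamp with a UTC offset.
APACHE_TS = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")
# Classic syslog lines (postfix, cron, ...) carry no year and no timezone.
SYSLOG_TS = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) ")

def apache_time(line):
    m = APACHE_TS.search(line)
    return datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z") if m else None

def syslog_time(line, year=2023, tz=timezone.utc):
    # Assumption: the caller supplies the year and the host's timezone.
    m = SYSLOG_TS.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts.replace(tzinfo=tz)

def events(source, chunks, get_time):
    """Yield (utc_time, source, line) from rotated chunks given oldest first."""
    for chunk in chunks:
        for line in chunk.splitlines():
            ts = get_time(line)
            if ts is not None:  # lines without a parsable timestamp are skipped
                yield ts.astimezone(timezone.utc), source, line

def around(merged, when, minutes=5):
    return [e for e in merged if abs(e[0] - when) <= timedelta(minutes=minutes)]

# Constructed sample data: two rotated Apache chunks (+0200) and one mail log (UTC).
ACCESS_1 = '203.0.113.7 - - [10/Oct/2023:09:58:01 +0200] "GET / HTTP/1.1" 200 512\n'
ACCESS_0 = ('203.0.113.7 - - [10/Oct/2023:10:01:30 +0200] "POST /search HTTP/1.1" 200 90\n'
            '203.0.113.9 - - [10/Oct/2023:11:30:00 +0200] "GET /a HTTP/1.1" 404 10\n')
MAIL = ('Oct 10 08:00:45 web1 postfix/smtpd[311]: connect from unknown[198.51.100.4]\n'
        'Oct 10 08:02:10 web1 postfix/qmgr[95]: A1B2C3: removed\n')

def demo():
    # Each stream is already in time order, so a k-way merge by timestamp is enough.
    merged = heapq.merge(events("apache", [ACCESS_1, ACCESS_0], apache_time),
                         events("mail", [MAIL], syslog_time), key=lambda e: e[0])
    spike = datetime(2023, 10, 10, 8, 1, tzinfo=timezone.utc)
    return around(merged, spike, minutes=5)

if __name__ == "__main__":
    for ts, source, line in demo():
        print(ts.isoformat(), source, line)
```

For real files, each chunk would be the text of one rotated file (for example `access.log.1` before `access.log`), and a wrong year or timezone guess for syslog lines will misplace them in the timeline.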
