System Log Analysis & Profiling System 2 (SLAPS-2) is a collection of programs that filter Unix system logs on a centralized log server in order to produce a series of reports that provide a snapshot of system operation over the past analysis period (e.g., 24 hours). These programs, developed in Perl and enhanced over the past ten years, function as an autonomous process to scan specifiable log files, create the analysis reports from those log files, distribute the reports electronically to targeted recipients and manage the rotation of the log files used during the analysis. (See SLRS for a complementary system log rotation service.)
SLAPS-2 is based on the premise of a heterogeneous environment of Unix servers and workstations existing within an enterprise with little or no formalized network system log services. In such an environment the log files exist but are only referenced when a problem has been detected by other means. SLAPS-2 facilitates the collection of this vital information on one or more centralized servers, with periodic filtering of the collected information into a set of comprehensible and informative reports.
The use of the centralized log server provides an enterprise with a vehicle to monitor the status of any client Unix platform on the network without the need for distributed monitoring agents on each system. Intelligent peripherals, such as printers, routers and switches, can also be integrated into SLAPS-2 as clients. Monitoring can be further extended to include clients from other non-Unix environments such as Microsoft's Windows NT and Windows 2000 through the use of commercially available agents and/or customer-developed agents (e.g., under Perl).
While the basic reports generated by SLAPS-2 should be considered reactive (one might not learn of the occurrence of an incident for up to the full extent of the time window defining the analysis period), integration of additional Perl-based freeware tools, such as Flog and Swatch, on the centralized log servers can provide a more proactive response to an incident trigger. Thus an environment can be easily configured where critical incidents will trigger immediate responses (e.g., by sending e-mail or automated pages) and generate a daily summarization of all incidents.
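The split described above, between a periodic per-host summary and a short list of events that warrant an immediate response, can be sketched as follows. This is an added example, not SLAPS-2, Flog or Swatch code; the log lines, hostnames and critical patterns are constructed for illustration, and the BSD syslog line layout is an assumption about what the central server writes.

```python
import re
from collections import Counter, defaultdict

# Classic BSD syslog layout (assumed): "Mon DD HH:MM:SS host tag[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

# Assumed patterns; a real deployment tunes these per site.
CRITICAL = [re.compile(p, re.I) for p in (
    r"file system full", r"panic", r"failed password for root",
)]

# Constructed sample of a centralized log file (hostnames are made up).
SAMPLE_LOG = """\
Mar  3 02:14:07 web01 sshd[411]: Failed password for root from 192.0.2.15 port 4022 ssh2
Mar  3 02:14:09 web01 sshd[411]: Failed password for root from 192.0.2.15 port 4022 ssh2
Mar  3 03:00:01 db02 cron[902]: (root) CMD (/usr/local/bin/backup.sh)
Mar  3 04:27:55 db02 unix: NOTICE: alloc: /var: file system full
Mar  3 05:10:12 prn-3f lpd[77]: toner low
this line is not syslog formatted
"""

def analyze(text):
    """Return (per-host tag counts, critical events, unparsed lines)."""
    summary, critical, unparsed = defaultdict(Counter), [], []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)   # never drop silently: report malformed input
            continue
        summary[m["host"]][m["tag"]] += 1
        if any(p.search(m["msg"]) for p in CRITICAL):
            critical.append((m["ts"], m["host"], m["msg"]))
    return summary, critical, unparsed

def render_report(summary, critical, unparsed):
    out = ["== Immediate-attention events =="]
    out += [f"{ts} {host}: {msg}" for ts, host, msg in critical]
    out.append("== Per-host summary ==")
    for host in sorted(summary):
        tags = ", ".join(f"{t}={n}" for t, n in sorted(summary[host].items()))
        out.append(f"{host}: {tags}")
    out.append(f"== Unparsed lines: {len(unparsed)} ==")
    return "\n".join(out)

if __name__ == "__main__":
    print(render_report(*analyze(SAMPLE_LOG)))
```

Counting unparsed lines in the report matters on a central server: a client that starts emitting malformed records is itself a condition worth noticing.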
When properly implemented, the data collected by SLAPS-2 on the centralized log servers can be admissible in a court of law. In addition, it can help identify hardware faults and/or conditions before they become fatal to the system on which they occur. Finally, when used in conjunction with performance monitoring tools such as Virtual Adrian under Solaris, an enterprise-wide evaluation of system interaction performance becomes possible.