Bachelor Thesis: Centralized and structured log file analysis with Open Source and Free Software tools

After a lot of hard work I finished my bachelor thesis end of August and gave my colloquium end of September. Because of all the other stuff going on in my life I just have now time to upload my thesis.

I’m interested in log file analysis for a long time, but in the last years a lot has happened in this area. Here the abstract:

This thesis gives an overview on the Open Source and Free Software tools available for a centralized and structured log file analysis. This includes the tools to convert unstructured logs into structured log and different possibilities to transport this log to a central analyzing and storage station. The different storage and analyzing tools will be introduced, as well as the different web front ends to be used by the system administrator. At the end different tool chains will be introduced, that are well tested in this field.

Because of the time delay, some infos are already dated, but only two things, as fas as I know:

1. Graylog2 has now a new version available in Beta.

2. logstash has release a new version 1.2.1

I will keep this updated over time here on the blog, so have a look from time to time. If you find any problem, please inform me here at the blog or via mail:  “logfiles” (add the @ at the right place).

The URL of the Thesis is at:

Have a log of fun and tell me what you think.

This entry was posted in Enterprise Linux, Fedora, Linux, logs and tagged , . Bookmark the permalink.

1 Response to Bachelor Thesis: Centralized and structured log file analysis with Open Source and Free Software tools

  1. Eggplant says:

    Dear Jens,
    Your work is noteworthy. I’m keeping the thesis for future reference (hope you will give the permission).

    Will you please include your internet link (this site address or email) in future update, that will make source finding easy.

    So far, I have only one objection:
    Please don’t use the term “dead project” till the source code is available. This is the big difference for a FOSS project to a programmer.
    I would prefere “inactive” or “last released on YYYYMMDD”, that will also create awareness about the project without hurting.


Comments are closed.