Various processes log in various formats to various locations with various roll-over logic in /var/log.
I'd like a log-viewer that can handle a decent quantity of data, join roll-over log files, and ideally could even interleave log records to get a timeline of what happened on the machine.
For example, I saw a CPU usage spike at a certain time this morning and I'd like to see if there's anything in any of the logs that explains it.
P.S. Yes, I realize there are configuration issues, like Apache logs can be "anything" so you'd need to tell the log viewer how to parse them, and yes, I understand that interleaving is hard between products because few columns (except possibly "date" and "general message") would necessarily line up.
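As an added example (not from the question or any of the answers), here is a small Python sketch of the two things the question asks for: following a log's roll-over chain (`syslog`, `syslog.1`, `syslog.2.gz`, ...) as one stream, and interleaving several logs on their timestamp column so you can look at what every source recorded around a moment of interest such as the CPU spike. It uses a per-format timestamp parser (syslog and Apache common/combined format here), and the sample log lines, the fixed syslog year and the assumption that every log records local wall-clock time are constructed for the example.

```python
import gzip
import heapq
import os
import re
import tempfile
from datetime import datetime, timedelta

# One entry per log family: a regex that isolates the timestamp and the message,
# plus a parser for that timestamp. Syslog lines carry no year, so a fixed year
# is assumed here (constructed for the example; a real tool would infer it).
SYSLOG_YEAR = 2010
FORMATS = {
    "syslog": (re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<msg>.*)$"),
               lambda s: datetime.strptime(f"{SYSLOG_YEAR} {s}", "%Y %b %d %H:%M:%S")),
    # Apache: [dd/Mon/yyyy:HH:MM:SS +zzzz]; the offset is dropped so records
    # compare as local wall-clock time, the same way syslog records do.
    "apache": (re.compile(r"^\S+ \S+ \S+ \[(?P<ts>[^\]]+)\] (?P<msg>.*)$"),
               lambda s: datetime.strptime(s, "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)),
}


def rolled_over_files(directory, base):
    """Return base, base.1, base.2.gz, ... ordered oldest first (highest suffix first)."""
    pat = re.compile(r"^" + re.escape(base) + r"(?:\.(\d+))?(?:\.gz)?$")
    found = []
    for name in os.listdir(directory):
        m = pat.match(name)
        if m:
            suffix = int(m.group(1)) if m.group(1) else 0
            found.append((-suffix, os.path.join(directory, name)))
    return [path for _, path in sorted(found)]


def read_lines(path):
    """Yield lines from a plain or gzip-compressed log file."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as fh:
        for line in fh:
            yield line.rstrip("\n")


def records(directory, base, fmt):
    """Yield (timestamp, source, message) across a log's whole roll-over chain."""
    rx, parse = FORMATS[fmt]
    for path in rolled_over_files(directory, base):
        for line in read_lines(path):
            m = rx.match(line)
            if m:  # lines without a recognisable timestamp are skipped, not fatal
                yield parse(m["ts"]), base, m["msg"]


def timeline(directory, sources):
    """Merge several chronologically ordered logs into one machine-wide timeline."""
    streams = [records(directory, base, fmt) for base, fmt in sources]
    return list(heapq.merge(*streams, key=lambda r: r[0]))


def around(events, when, window=timedelta(minutes=2)):
    """Events within +/- window of a moment of interest (e.g. a CPU spike)."""
    return [e for e in events if abs(e[0] - when) <= window]


def build_sample_dir():
    """Constructed sample logs (not real data): a rolled-over syslog plus an Apache log."""
    d = tempfile.mkdtemp()
    with gzip.open(os.path.join(d, "syslog.1.gz"), "wt") as fh:
        fh.write("Mar  5 09:58:01 host CRON[101]: (root) CMD (run-parts /etc/cron.hourly)\n")
    with open(os.path.join(d, "syslog"), "w") as fh:
        fh.write("Mar  5 10:00:07 host kernel: Out of memory: Kill process 4242 (report-gen)\n")
        fh.write("Mar  5 10:03:44 host sshd[202]: Accepted publickey for alice\n")
    with open(os.path.join(d, "access.log"), "w") as fh:
        fh.write('10.0.0.5 - - [05/Mar/2010:09:59:30 +0000] "GET /report?all=1 HTTP/1.1" 200 9817123\n')
        fh.write('10.0.0.5 - - [05/Mar/2010:10:01:02 +0000] "GET /report?all=1 HTTP/1.1" 500 0\n')
        fh.write("garbage line that does not parse\n")
    return d


def sample_timeline():
    d = build_sample_dir()
    return timeline(d, [("syslog", "syslog"), ("access.log", "apache")])


def sample_spike_context():
    """The question's use case: what did every log record around a 10:00 CPU spike?"""
    return around(sample_timeline(), datetime(SYSLOG_YEAR, 3, 5, 10, 0))


if __name__ == "__main__":
    for ts, source, msg in sample_spike_context():
        print(f"{ts:%H:%M:%S} {source:<10} {msg}")
```

Each additional product is just another regex/parser pair in `FORMATS`; the merge itself only ever looks at the timestamp, which is exactly the one column the question notes is common to everything. `heapq.merge` assumes each individual log is already in time order, which holds for appended logs and for a roll-over chain read oldest file first.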
If you've got less than 500MB/day and are only monitoring a single server -- or don't mind paying, you're probably looking for Splunk.
Check out this question (Is anybody using Splunk in a large-scale production environment?) for other people's experiences with Splunk and its competitors.
Real men use grep and print their logs. Makes good bedtime reading material. ;-)
I can recommend Lire of the LogReport project. I used to work on that project, but it is Open Source, and allows you to analyze many different log files. There are binary Debian and Ubuntu packages at least, but likely for other platforms too.
Splunk might interest you.
Disclaimer: It's commercial and costs money beyond a certain amount of data per day.
But it does provide an interface for everything that you describe above.