I now have my 4 server array (2 css's, 4 Array members) using w3c file based logging and would like to be able to analyze those logs using log parser/log parser lizard or firewall analyzer. My question is this. In the 4 server array setup I have it seems that all 4 of the array members generate different logs. While this is somewhat expected on my end, I am trying to figure out the best way to be able to analyze these log files. They all generate the same file name for that day. Is this the only way to do it? I was thinking of utilizing a NAS setup I have to dump the log files on there daily but then how do I analyze 4 different log files that have the same name? Is there any way to change this?
Also if I just setup the ISA servers to log directly to a shared folder on the NAS is there concerns I should have regarding availability, etc? How will ISA work with the 4 array servers dropping logs in the same location with the same name?
From the sounds of that article it seems as though I could get performance almost as good as file logging or at least in between file logging and msde logging with the SQL Logging. This will give me the ability to see historical data (offline) and the live data, as well as write custom queries to the sql database as needed. It seems as though performance is limited by the size/speed of the box running SQL, and since I think I could get a pretty nice server to run it I don't know how much of a negative impact SQL will have. Do you think it's possible to use SQL 2008 on a 2008 Enterprise server?