I’ve just released a little tool I wrote called riak-syslog which takes your syslog messages and puts them into a Riak cluster and then lets you search them using Riak’s full text search.
Rather than reinvent the wheel, riak-syslog expects that a syslog daemon will handle receiving syslog messages and will be able to provide them in a specific format – there is documentation on getting this running with rsyslog on Ubuntu.
I’ve used it to gather and store a few hundred gig of syslogs over the last several months on a small internal Riak cluster on Brightbox Cloud and it’s working well (which can’t be said of a similar setup I did with Solr, which caved in after a while and needed some fine tuning!).
There is documentation on getting it set up in the README, and some examples of how to conduct searches too.
If you want to play with Riak, you can build a four node cluster spanning two data-centres in five minutes on Brightbox Cloud.
You might also be interested in my post about indexing syslog messages with Solr.