== Problem ==
The current system logs events to a plain-text file. Parsing a large text file is slow and inflexible, and advanced data selection, filtering and sorting operations are impossible.
Currently, all events in the log are indistinguishable: there is no semantic difference between information, warnings and errors. The resulting poor signal-to-noise ratio makes log analysis difficult, tedious, boring and time-consuming.
== Solution ==
Using a database (such as SQLite) would be very fast and flexible, and would allow many advanced operations that are simply not possible with what we have today.
It would allow chronological and reverse-chronological sorting of events, as well as grouping. It would allow filtering events out or displaying them by time, category, severity, application, tag, etc.
With a database it would be possible to sort or filter events by severity (e.g. only errors) or by tags (such as disk, local, network, security, etc.).
For example, you could choose to show only the last 50 network-related events in the last 4 days, sorted by severity in chronological order.
It would make system administration much more effective.
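The query described above (last 50 network-related events in the last 4 days, sorted by severity in chronological order), as an added example that is not part of the original proposal. The table and column names, the 0/1/2 severity encoding and the function names are assumptions made for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE events (
    id       INTEGER PRIMARY KEY,
    ts       INTEGER NOT NULL,   -- Unix time in seconds
    severity INTEGER NOT NULL CHECK (severity BETWEEN 0 AND 2),  -- info, warning, error
    app      TEXT NOT NULL,
    message  TEXT NOT NULL);
CREATE TABLE event_tags (
    event_id INTEGER NOT NULL REFERENCES events(id),
    tag      TEXT NOT NULL,
    PRIMARY KEY (event_id, tag));
CREATE INDEX idx_events_ts ON events(ts);
"""

def open_log(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn

def log_event(conn, ts, severity, app, message, tags=()):
    # Values are bound as parameters, so log text is stored as data, never parsed as SQL.
    cur = conn.execute(
        "INSERT INTO events (ts, severity, app, message) VALUES (?, ?, ?, ?)",
        (ts, severity, app, message))
    conn.executemany("INSERT INTO event_tags VALUES (?, ?)", [(cur.lastrowid, t) for t in tags])
    return cur.lastrowid

def recent_by_tag(conn, tag, now, days=4, limit=50):
    # Inner query: the newest `limit` events carrying `tag` inside the time window.
    # Outer query: most severe first, chronological within each severity level.
    return conn.execute("""
        SELECT ts, severity, app, message FROM (
            SELECT e.* FROM events e JOIN event_tags t ON t.event_id = e.id
            WHERE t.tag = ? AND e.ts >= ?
            ORDER BY e.ts DESC LIMIT ?)
        ORDER BY severity DESC, ts ASC""",
        (tag, now - days * 86400, limit)).fetchall()

def demo(now=1_700_000_000):
    conn, day = open_log(), 86400
    for ev in [  # constructed sample events
            (now - 5 * day, 2, "netd", "link down", ["network"]),
            (now - 2 * day, 2, "sshd", "auth failure", ["network", "security"]),
            (now - 1 * day, 1, "smartd", "disk temperature high", ["disk"]),
            (now - 3600, 0, "netd", "link up", ["network"])]:
        log_event(conn, *ev)
    return recent_by_tag(conn, "network", now)
```

The five-day-old event falls outside the window and the disk event lacks the tag, so `demo()` returns only the two recent network events, error first.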