[MVLUG] RSYSLOG discussion
Samat K Jain
lists at samat.org
Tue Mar 15 17:11:34 MDT 2011
On Monday, March 14, 2011 11:57:27 AM Jonathan Lindsey wrote:
> I personally/professionally use rsyslog to dump my syslog information
> into a mysql database. Then most of the other computers send their
> syslog info to that rsyslog server. The problem with this is what
> happens after the data gets stored. Usually I just ignore the data,
> which is not a good thing. Lately I've been needing to get data out of
> this information, such as Access Control List logs and what not. I have
> been writing some custom PHP scripts that access that information, on a
> custom administration page that I'm writing as I go.
Personally, I'm not a fan of inserting MySQL into any kind of stack that explicitly doesn't need an RDBMS… it's too fragile. If MySQL goes down, all of a sudden, you don't have logging anymore! Same for e-mail (notice, Fastwave has a bad problem with this). That, and such logging severely cuts into performance.
I've been wanting to look into the whole AMQP thing but haven't gotten around to it. E.g.:
> Do you manage your systems with centralized logging?
> If so, what back-end server/services do you use?
Have you taken a look at Splunk? In short, it's a search engine for logs/machine-generated data. You can set it up as a syslog target and have all your logs aggregated into one place, within which you can search, create graphs, etc.
Disclaimer: I used to work for Splunk.
Samat K Jain <http://samat.org/> | GPG: 0x4A456FBA
Hitchcock's Staple Principle: The stapler runs out of staples only while you are trying to staple something.
-- None (88)