[MVLUG] RSYSLOG discussion

Joe Pfeiffer joseph at pfeifferfamily.net
Tue Mar 15 18:29:44 MDT 2011

Samat K Jain writes:
>On Monday, March 14, 2011 11:57:27 AM Jonathan Lindsey wrote:
>> I personally/professionally use rsyslog to dump my syslog information
>> into a mysql database.  Then most of the other computers send their
>> syslog info to that rsyslog server.  The problem with this is what
>> happens after the data gets stored.  Usually I just ignore the data,
>> which is not a good thing.  Lately I've been needing to get data out of
>> this information, such as Access Control List logs and what not.  I have
>> been writing some custom PHP scripts that access that information, on a
>> custom administration page that I'm writing as I go.
>Personally, I'm not a fan of inserting MySQL into any kind of stack
>that explicitly doesn't need an RDBMS… it's too fragile. If MySQL
>goes down, all of the sudden, you don't have logging anymore! Same
>for e-mail (notice, Fastwave has a bad problem with this). That, and
>such logging severely cuts into performance.

well....  my email goes to me without ever leaving the house.  If my
email log notification goes down, I've got much bigger problems than
whatever the logs would like to tell me about!

>I've been wanting to look into the whole AMQP thing but haven't gotten around to it. E.g.:
>  http://sysadvent.blogspot.com/2008/12/day-24-message-brokers.html
>> Do you manage your systems with centralized logging?
>> If so, what back-end server/services do you use?
>Have you taken a look at Splunk? In short, it's a search engine for logs/machine-generated data. You can set it up as a syslog target and have all your logs aggregated into one place, within which you can search, create graphs, etc.
>  http://www.splunk.com/
>Disclaimer: I used to work for Splunk.

Hmmm, worth looking into...
It's time to try defying gravity
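
The fragility Samat points to (MySQL down means the database copy of the logs stops, and with rsyslog's default retry count of 0 the messages bound for the database action are discarded once the action is suspended) can be reduced on the rsyslog side with a disk-assisted action queue and indefinite retries. The rsyslog.conf fragment below is an added illustration, not configuration posted by anyone in this thread; the host name, database name, user and password are placeholders.

```conf
# Added example: rsyslog -> MySQL with a disk-assisted action queue, so a
# database outage pauses delivery instead of dropping messages.
# Host, database, user and password are placeholders (not from the thread).

$ModLoad ommysql

# Keep the plain-file log regardless of database state. It stays readable
# while MySQL is down and is the copy to consult after an outage.
*.* /var/log/messages

# Weak form (left commented out): a direct action with the default
# $ActionResumeRetryCount of 0. When the database is unreachable the
# action is suspended and messages routed to it are lost.
# *.* :ommysql:db.example.internal,Syslog,rsyslog,CHANGEME

# Hardened form. The $ActionQueue* directives apply to the next action
# only: buffer in memory, spill to disk when the memory queue fills,
# persist the queue across restarts, and retry until the database returns.
$WorkDirectory /var/spool/rsyslog
$ActionQueueType LinkedList
$ActionQueueFileName mysqlq
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1
$ActionResumeInterval 30
*.* :ommysql:db.example.internal,Syslog,rsyslog,CHANGEME
```

Since the database password sits in this file, keep it readable by root only, and after an outage check that the spool in the work directory has drained before treating the database as complete again.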

