[OT]: Syslog issues?
Dirk Koopman
djk at tobit.co.uk
Wed Mar 21 15:43:28 GMT 2007
Luis Motta Campos wrote:
> Dear M[ou]ngers
>
> I'm facing a funny problem at work.
>
> We have a very busy apache farm producing 40Gb of log files everyday,
> and no centralized logging facility.
> We're considering using syslog (or better, syslog-ng) to concentrate
> all logs on a single spot, so we can handle, parse, and summarize all
> information for human and machine consumption.
Don't think any of the syslog daemons could reliably handle that sort of
data. Remember that syslog's job is to try to store important messages
that might allow you to diagnose a problem. Therefore they use slow disc
writing methods (syncing etc) to make sure that stuff is written.
Syslogd isn't expected to handle 40Gb/Day (~500KBytes or ~2250 lines per
sec).
On some machines that would constitute a DoS attack!
More information about the london.pm
mailing list