[OT]: Syslog issues?
Nik Clayton
nik at ngo.org.uk
Wed Mar 21 15:42:32 GMT 2007
Luis Motta Campos wrote:
> We have a very busy apache farm producing 40Gb of log files everyday,
> and no centralized logging facility.
> We're considering using syslog (or better, syslog-ng) to concentrate
> all logs on a single spot, so we can handle, parse, and summarize all
> information for human and machine consumption.
>
> The problem is making sure we have enough hardware to not loose
> messages and enough bandwidth to guarantee that every message gets
> properly delivered to the logging server without problems.
http://www.splunk.com/
Set it up to be your syslog data sink. You could:
a) Log to local files, and then ship the files over the network to a
Splunk instance.
b) Log remotely direct to splunk (it'll act as a syslog sink). You
might have reliability issues with the syslog bit.
c) Log remotely, using mod_log_spread, and then get the data in to splunk.
N
More information about the london.pm
mailing list