Hosting Provided By

Re: A tool like "logwatch" for a log server

From: Steve Kemp <skx(at)debian.org>
Date: Fri Sep 14 2007 - 11:36:31 EDT

On Fri Sep 14, 2007 at 08:32:57 -0700, Seth Mattinen wrote:

> Sort of related question: Does anybody (when aggregating logs to a dedicated
> logging host) stop logging to the local disk, or do you still do both local and
> remote logging?
>

I've done it both ways round in the past. There's no ideal solution I think.

Having things local is useful if you break networking, or your central loghost fills up though!

I'd be interested in any interesting solution to this problem though, right now we use syslog-ng to send logs to a central machine. Those messages pass through a pipe to immediately alert upon a couple of common patterns (eg. failing raid) and then the logs get dumped to MySQL.

200ish machines take up a lot of space, so the next job is to start to filter the logs prior to database insertion - but I've not found anything that will do the job neatly yet ..

Steve

-- 


-- 
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Fri Sep 14 11:37:12 2007

This message: [ Message body ]
Next message: Amaya: "Re: Unsubscribing"
Previous message: Seth Mattinen: "Re: A tool like "logwatch" for a log server"
In reply to: Seth Mattinen: "Re: A tool like "logwatch" for a log server"
Next in thread: Michael Loftis: "Re: A tool like "logwatch" for a log server"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 07 2007 - 00:07:53 EDT

Do you need help?