Hi list,

I'm trying to build a service to enable the quick searching of mail logs, for our support team to use. We get quite a lot of log generation (about 2G of MySQL data a day).

Searching these becomes really inefficient after a while, even though there are extra keys and indexes in the db. I'd like to try and parse the syslog event using rsyslog and get the message ID out of the payload and add it as an indexed field, which should speed up queries (so we can stitch together a full email transaction).

Is this something rsyslog can do? I'm currently using the default db schema and loganalyzer 3.0.1.

If not, no big deal, will have to write a custom parser and use a pipe to take the syslogs from rsyslog (perhaps?).

I've also thought of multiplexing the logs to ramdisk and physical disk, although that throws up another set of problems.

Cheers
Joel

--
$ echo "kpfmAdpoofdufevq/dp/vl" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
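The custom-parser fallback mentioned in the post, as an added example that is not part of the original message: it reads syslog lines from a pipe, splits the queue ID into its own field (the column that would be indexed), and groups lines into transactions. The post does not name the MTA or log format, so Postfix-style lines are an assumption; `LINE_RE`, `parse_line` and `stitch` are hypothetical names and the sample lines are constructed.

```python
import re
import sys
from collections import defaultdict

# Assumption: Postfix-style payload, "<ts> <host> <prog>[pid]: <QUEUEID>: <detail>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<prog>[\w/.-]+)\[\d+\]:\s(?P<qid>[0-9A-F]{6,20}):\s(?P<detail>.*)$"
)

def parse_line(line):
    """Return a row dict with the queue ID split out, or None if the line has none."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def stitch(lines):
    """Group parsed rows by queue ID so one lookup returns a whole transaction."""
    txns = defaultdict(list)
    for line in lines:
        row = parse_line(line)
        if row:  # lines without a queue ID (connect/disconnect) are skipped
            txns[row["qid"]].append(row)
    return dict(txns)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    "Mar  3 10:15:01 mx1 postfix/smtpd[2101]: 4F2A91C0D3: client=mail.example.org[192.0.2.10]",
    "Mar  3 10:15:01 mx1 postfix/cleanup[2105]: 4F2A91C0D3: message-id=<abc123@example.org>",
    "Mar  3 10:15:02 mx1 postfix/smtpd[2101]: connect from unknown[198.51.100.7]",
    "Mar  3 10:15:02 mx1 postfix/qmgr[880]: 4F2A91C0D3: from=<alice@example.org>, size=1532, nrcpt=1 (queue active)",
    "Mar  3 10:15:03 mx1 postfix/smtp[2110]: 4F2A91C0D3: to=<bob@example.net>, relay=mx.example.net[203.0.113.5]:25, status=sent (250 OK)",
    "Mar  3 10:15:03 mx1 postfix/qmgr[880]: 4F2A91C0D3: removed",
    "Mar  3 10:15:04 mx1 postfix/smtpd[2101]: 7B0C33E1AA: client=unknown[198.51.100.7]",
]

if __name__ == "__main__":
    # Read from the pipe when one is attached, otherwise use the sample lines.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for qid, rows in stitch(source).items():
        print(qid, [r["prog"] for r in rows])
```

Storing `qid` in its own indexed column turns the transaction lookup into an equality match instead of a substring scan over the message text.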

