On Thu, 15 Jul 2010, Joel Merrick wrote:

> Hi list,
>
> I'm trying to build a service to enable the quick searching of mail
> logs, for our support team to use. We get quite a lot of log
> generation (about 2G of mysql data a day)
>
> Searching these becomes really inefficient after a while, even though
> there's extra keys and indexes in the db.
>
> I'd like to try and parse the syslog event using rsyslog and get the
> message ID out of the payload and add it as an indexed field, which
> should speed up queries (so we can stitch together a full email
> transaction)

This shouldn't be _too_ hard, depending on where the message ID is in the messages you are logging. Just create your own template that writes the message ID as a separate field.

David Lang

> Is this something rsyslog can do? I'm currently using the default db
> schema and loganalyzer 3.0.1
>
> If not, no big deal, will have to write a custom parser and use a pipe
> to take the syslogs from rsyslog (perhaps?)
>
> I've also thought of multiplexing the logs to ramdisk and physical
> disk, although that throws up another set of problems.
>
> Cheers
> Joel
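An added example (not from the thread or the rsyslog project) of the kind of template described in the reply above, in legacy rsyslog directive syntax. It assumes Postfix-style log lines whose message text starts with a hex queue ID, and a hypothetical `MailQueueID` column added to the default `SystemEvents` table; the database host, name and credentials are placeholders.

```conf
# Assumed one-time schema change (hypothetical column and index names):
#   ALTER TABLE SystemEvents ADD COLUMN MailQueueID VARCHAR(20),
#                            ADD INDEX idx_mailqueueid (MailQueueID);

$ModLoad ommysql

# Same columns as the default database template, plus one extra value:
# the first ERE submatch of the message text, i.e. the hex ID before the
# first colon (constructed sample line: " 4F2A1C0DE: from=<a@example.org>").
# BLANK writes an empty string when a line carries no such ID, for
# instance "connect from ..." lines.
# The trailing SQL option makes rsyslog escape quotes and backslashes in
# every property value, so text taken from mail traffic (addresses,
# subjects, hostnames) cannot terminate the quoted string in the INSERT.
$template MailWithQueueID,"insert into SystemEvents (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag, MailQueueID) values ('%msg%', %syslogfacility%, '%HOSTNAME%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%', '%msg:R,ERE,1,BLANK:^ ?([0-9A-F]+):--end%')",SQL

# Send only mail-facility messages through the extended template.
# DB_HOST, DB_NAME, DB_USER and DB_PASSWORD are placeholders.
mail.* :ommysql:DB_HOST,DB_NAME,DB_USER,DB_PASSWORD;MailWithQueueID
```

With the column indexed, all lines of one delivery can be fetched by an equality match on `MailQueueID` instead of a substring search over `Message`.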

