-----Original Message----- From: [email protected] on behalf of [email protected] Sent: Fri 10/29/2010 5:21 PM To: rsyslog-users Subject: Re: [rsyslog] rsyslog conf file questions > -----Original Message----- > From: [email protected] on behalf of [email protected] > Sent: Fri 10/29/2010 5:21 PM > To: rsyslog-users > Subject: Re: [rsyslog] rsyslog conf file questions > > > On Fri, 29 Oct 2010, Brian Rogoff wrote: > > ... > what is the purpose of having everything broken out into individual files > like this?
In the current set up, log files are broken out into individual files much like what I described, so I thought for a first pass I'd try and preserve that structure as much as possible. > I see a lot of people who start off trying to do something like > this and then try to run reports across everything (where it would be much > simpler if everything was just in one file) Do you see a disadvantage to doing it this way? > Second question. What should my rsyslog.conf look like on each machine? > On the logging servers, I'd like all messages not from the server machine > to be stored in the log file with path determined from hostname, service name, > and pid, say. I may need more info later to assure that I can trace the path > of messages more easily, but this should be sufficient for starters. I'd > prefer that the conf files do not hardcode the names of the other machines > on themselves. On the cluster machines running the services, I'd like the > conf files to all be exactly the same, so they may refer to the logging > servers by name but not themselves. I has been very slow going for me trying > to figure out the syntax to do all of this. I looked at the example conf > files, > and I was able to use expression based filters to get some of the way there > but I think everything I described should be doable with rsyslog. > everything you are trying to do is possible, but getting it fully setup > with everything you are trying to do is quite a bit of work. I'm a bit surprised. What I described is really pretty simple, the skeleton of a first pass at redoing our logging with rsyslog. If it is quite a bit of work to do this in rsyuslog (and I don't doubt you, I've failed to implement it so far!) then I wonder whether it is worth replacing the existing home grown logging at all. > This request probably isn't inteded to sound like 'do my homework for me', > but it's > sounding pretty close to that. No, I work for a company, I'm not a student. I looked at the examples and docs and couldn't figure out how to do what I want. I could have written a very short message just asking for hints, but I thought more context would be helpful. Sorry if it appears that I'm just lazily asking you to do my work (well, I am!); I'd be happy with a pointer to some similar setup that I could modify. > Adiscon does offer a service to work with you to do exactly this, but the > level of detail > you are asking for seems like it exceeds normal mailing list support (for the > record, I do > not work for adiscon) Conceptually, this looks like less that 10 lines of code in each .conf file, so it doesn't seem very detailed or complex. If it is complex to implement in rsyslog, that suggests that the tool wasn't designed with the problem I described in mind, and that I should look elsewhere, or just use our homebrew logger. > I think that you should look at dynafiles for hints on how to do what it > sounds like you want to do. Thanks. > > Third, are there any subtle issues I should be thinking about here. For > > example, since I'd like to use the log messages to calculate the performance > > of the services, do I need to introduce some extra time stamps in the > > message > > flow or are the rsyslog generated timestamps enough? > > you really haven't provided enough information for this question. when you > say you want to measure the performance of a service, what does that mean? > what are you measuring? Response times for each service. From your answer below, it would appear that I'll have to encode that information for each service and store it in the log message. > > rsyslog will log the time that it received the message. If you need to > measure something like hits per second, this may be good enough. But if > you needed to measure how long it took to service each individual request, > the rsyslog timestamp is almost worthless. -- Brian
<<winmail.dat>>
_______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
