Hello,

At $UNIVERSITY, we're planning to overhaul our centralized syslog infrastructure. At the moment, we're running syslog-ng on an aged Solaris/Sparc box and planning on replacing it with either syslog-ng or rsyslog on CentOS 5. We're currently handling approximately 3 million lines per day from 25 hosts. We can expect that to increase to approx. 5M+ lines from 40 hosts within 6 months.

We're beginning an evaluation of rsyslog, and I have a few preliminary questions I can't find clear answers to in the docs, and was hoping perhaps someone with rsyslog in production could provide some input.

1) We do a lot of post-processing of logs to pull out relevant information. Specifically, we have quite a few scripts (PHP) that rely on preg_match pulling out capture groups and putting them in different columns in MySQL. Does rsyslog support any regexes in templates that would allow something like this?

2) I last visited rsyslog.com before the site redesign. Where has the documentation gone on the new site? I can't even seem to find a config file statement reference...

3) Assuming an even distribution over time (not quite accurate), any thoughts on how dumping ~2M lines/day of syslog to MySQL on a VM (Xen) with a single 2.8GHz CPU and 512MB RAM would go?

Thanks for any advice,
Jason Antman

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

