On Sun, 21 Nov 2010, Sivan Greenberg wrote:

Hi list, again :)

I would like to know if it is best to feed loganalyzer through a
mysql storage or filesystem files?

It seems to me, that using mysql could be better for log view
performance, e.g. since mysql supports proper indexing and free text
search? Anybody have any experience with something similar?

I would like to have the log analyzer have the best setup scenario
for quick search and analysis. Also I would like to know, if using
flat files, it is using indexes and the like for better searches and
real time analysis? (I'm asking as I'm going to set what's best for
logAnalyzer and then follow suit to adopt the rest of the
infrastructure accordingly)

This depends a lot on your log analyser tool. There are a lot of different things that you can do when analysing logs, and searching through them is only one of them (and arguably the least useful one).

What sort of volume of logs are you talking about dealing with?

Do you have a particular tool in mind? (If so, what is the URL for that tool?)

In general, I tend to not use tools that plan to do their analysis by doing searches through the data; they just don't scale well. I prefer to have tools that make as few passes through the data as possible, extracting a lot of information as they do each pass (and at the very least, make it so that further passes don't have to look at all the data).

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
