On Mon, Nov 22, 2010 at 12:46 AM, <[email protected]> wrote:
>
> this depends a lot on your log analyser tool. there are a lot of different
> things that you can do when analysing logs, and searching through them is
> only one of them (and arguably the least useful one)
>
> what sort of volume of logs are you talking about dealing with?

We are still investigating this, but consider both logs and tailored msgs we would be passing through rsyslog. It would be a lot of traffic but we want to have different log-rotate intervals so some logs would be kept for a week and some for months or years.

>
> do you have a particular tool in mind? (if so what is the URL for that
> tool?)
>

Yes, Adiscon's http://loganalyzer.adiscon.com/

> In general, I tend to not use tools that plan to do their analysis by doing
> searches through the data, they just don't scale well. I prefer to have
> tools that make as few passes through the data as possible, extracting a lot
> of information as they do each pass (and at the very least, makes it so that
> further passes don't have to look at all the data)

Yes, it seems that Splunk is one such tool.

Thanks!

-Sivan
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

