David Lang <[email protected]> writes: > On Mon, 21 Jan 2013, Micah Anderson wrote: > >>> Note that adiscon will write the C code to make a filter like this for >>> around >>> 500 euro, so if you don't want to do it yourself, you can have them do it. >> >> The problem isn't writing the C code, I can do that. The problem is that >> having to write C means having to compile it and distribute my own >> version of rsyslog, and everyone else who would like to use that >> facility would also need to do so, or I need to spend a lot of time >> trying to get it included upstream. All of that together is enough to >> make me pick another syslog solution that can do it with a couple of >> configuration lines. > > a few things to consider. > > first, check that the other syslog implementation lets you do it in a free > version instead of requiring a paid version. I've seen people make this > statement about other features, only to find out that the feature is only in > the > paid version.
I know that they do it in free versions because I am using them now. Syslog-ng integrated the capability in their core some time ago, and dsyslog had it from the beginning (although I suspect that project might be no longer maintained). > second, what is the performance of doing this (and does it matter at your log > volume) a general regex search and replace is a fairly expensive operation. I'm sure there is some sort of degredation in performance, but when it is site-policy to have this and the degredation is negligible, it isn't an issue. I didn't do any performance testing, but I pump a lot of logs (for example a mail server that handles over 4 million subscribers to 20-30k mailing lists) and haven't noticed any issues. > third, one of the big advantages of having adiscon do this is that it makes > the > improvement part of the core rsyslog distribution, so you don't have to go to > the effort of maintaining and distributing your own vesion I can't disagree with that, but I don't think I'm going to pay someone to do something that already exists somewhere else free. I was hoping to switch to rsyslog because I prefer it for different reasons, but I wont give up that functionality. > fourth, if you switch to a different syslog implementation, you have to > distribute that (short term, this is not a difference, it will take your > distro > some time to catch up to the version of rsyslog that includes the > improvements) As I said, syslog-ng has this functionality built-in, so there is no distribution requirement. -- _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
