David Lang, you also have valid points obviously, but what I wonder is if
the server crashes, where is the data going to be then?  At least once
centralized on a NAS/SAN solution, a massive hit to the server won't be as
destructive to the data on the NAS.

Plus, did he mention if this is a brand new stand up project requiring the
ability to acquire new hardware? I think I missed that part.

\\Warron French from mobile
On Jun 22, 2016 7:33 PM, "David Lang" <[email protected]> wrote:

> On Wed, 22 Jun 2016, Joe Blow wrote:
>
>> Our reqs are a bit beefier. I disagree on a few things. For the SAN/NAS
>> stuff, just buy beefy servers (36-72TB systems are dirt cheap now).  Iops
>> won't be an issue that way either.
>>
>
> I agree, the impact on both the performance and on the netapp for this
> much I/O can be significant, and while it can be done on central storage,
> it's FAR cheaper to just do it on local storage
>
>> Also, instead of logrotate, I use a cron job which kicks off a threaded
>> compression script, using xz -e -z -9 for beast mode compression using
>> 16/40 cores max. 1.2B logs is like 20GB / day. Do the math on a 20-30TB
>> mount and you're laughing.
>>
>
> A cron job can also prune logs beyond a given date, or rotate them off to
> long-term storage (hello AWS Glacier, $0.01/GB/month with something like 14
> 9's of reliability)
>
> check your logs. I did a bunch of tests of xz from -1 to -9e and found the
> difference was far less than I expected:
>
> 10 min worth of logs, ~9.8GB
>
> netapp compression ~2:1 or ~5G of storage
>
> xz compression size and cores needed to compress 10 min of logs in 10 min
>
> note that these numbers are only approximate as they will vary as the log
> contents change, but this is probably within 20% or so of the cpu cost
>
> level size cores
> 1    242MB 1
> 2    209MB 1
> 3    197MB 1
> 4    257MB 2
> 5    227MB 3
> 6    200MB 4
> 7    198MB 5
> 8    197MB 5
> 9    196MB 5
> 1e   184MB 14
> 2e   171MB 16
> 3e   177MB 12
> 4e   163MB 18
> 5e   171MB 12
> 6e   158MB 21
> 7e   154MB 25
> 8e   152MB 35
> 9e   150MB 31
>
> David Lang
>
>
>> I'd love to see the audispatch work you've done.
>>
>> Also, in case you were wondering, I have a patent on my log-to-jpg-to-sql
>> module, and the corresponding OCR extraction tool.
>>
>> Cheers,
>>
>> JB
>>
>>   Original Message
>> From:[email protected]
>> Sent:June 22, 2016 3:26 PM
>> To:[email protected]
>> Reply-to:[email protected]
>> Subject:Re: [rsyslog] Central logging solution
>>
>> I worked on something similar.
>>
>> Are your requirements as basic as what you have presented Abhilash?
>>
>> Do your requirements require centralizing audit log data?  That should be
>> handled through audispatch and I can advise you on how to do that.  In fact
>> I might even have a fully complete set of instructions for the audispatch
>> and another for rsyslog.
>>
>> As for managing the volume of data (from 2000+ hosts) and data store, that
>> would require some reaching out to NAS/SAN consultants for optimizing the
>> storage configuration; and then if you set up the logrotation to be daily
>> you can then write a script and put it into crontab to maintain the 18-month
>> auto-cropping of data from the volume based on a *find* command.
>>
>> That's my input, since I have had to do something similar but not at the
>> same volume, or with the same storage requirements exactly.
>>
>> Let me know if you need more input.
>>
>> --------------------------
>> Warron French
>>
>>
>> On Mon, Jun 20, 2016 at 2:04 PM, Joe Blow <[email protected]> wrote:
>>
>>> I feel like this is a troll.......
>>>
>>> 1. Turn on imptcp
>>> 2. Turn on imudp
>>> 3.  Point your systems to rsyslog
>>> 4.  Profit
>>>
>>> Some other pieces of glue you'll need:
>>>
>>> Keepalived
>>> Liblognormalize
>>> Xz (for beast mode compression)
>>> Drbd
>>> Imagination
>>> Iptables
>>>
>>> I would suggest you convert the log lines to jpgs, so that you can store
>>> the base64 encoded jpg inside a non-searchable relational database of your
>>> choice.
>>>
>>> Then you can sell your new "customer" an OCR appliance to search your
>>> jpg-log-storage-appliance.
>>>
>>> Hope this helps with your homework. :)
>>>
>>> /troll
>>>
>>> Cheers,
>>>
>>> JB
>>>
>>>
>>>    Original Message
>>> From:[email protected]
>>> Sent:June 20, 2016 11:55 AM
>>> To:[email protected]
>>> Reply-to:[email protected]
>>> Subject:[rsyslog] Central logging solution
>>>
>>> Hi Team,
>>>
>>> I am working on a Central Logging solution for our environment using Linux
>>> native logging feature (rsyslog).  The requirement is to store the logs from
>>> all servers (Windows + all UNIX) and retain for 18 months. Our account has
>>> around 2000 servers (1200 Windows + 800 UNIX (HPUX/AIX/Linux/Solaris)) and
>>> appliances. The customer wants a solution based on rsyslog. We also need to
>>> retain the logs for 18 months on tamper proof storage.
>>>
>>> Please could anyone guide me ? Also pls share some good documentation
>>>
>>> --
>>> Abhilash.P.A
>>> voice :+91 9663375151
>>>
>>> " Known is a drop and unknown is an   ocean"
>>> _______________________________________________
>>> rsyslog mailing list
>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com/professional-services/
>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>>> DON'T LIKE THAT.
>
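
The "check your logs" measurement from the quoted reply can be repeated on any capture before choosing an xz level. The following is an added example, not code from anyone in this thread: `make_sample` and `benchmark` are hypothetical names, the log lines are constructed, and Python's single-threaded `lzma` module stands in for the `xz` command line.

```python
import lzma
import time

def make_sample(n_lines=20000):
    """Constructed syslog-style lines standing in for a real capture."""
    hosts = ["web01", "db02", "fw03", "app04"]
    lines = []
    for i in range(n_lines):
        lines.append(
            "Jun 22 19:%02d:%02d %s sshd[%d]: Accepted publickey for user%d "
            "from 10.0.%d.%d port %d ssh2\n"
            % (i // 60 % 60, i % 60, hosts[i % 4], 1000 + i % 5000,
               i % 37, i % 256, (i * 7) % 256, 1024 + (i * 13) % 60000)
        )
    return "".join(lines).encode()

def benchmark(sample, interval_bytes, interval_seconds, levels=range(1, 10)):
    """Return rows of (label, compressed_bytes, ratio, cores_needed).

    cores_needed scales the CPU time measured on the sample up to the full
    interval volume and divides by the interval length: how many cores must
    run flat out to compress one interval of logs within one interval.
    """
    rows = []
    scale = interval_bytes / len(sample)
    for extreme in (False, True):
        for level in levels:
            preset = level | (lzma.PRESET_EXTREME if extreme else 0)
            start = time.process_time()
            packed = lzma.compress(sample, format=lzma.FORMAT_XZ, preset=preset)
            cpu = time.process_time() - start
            # Verify the archive before trusting it as the retained copy.
            if lzma.decompress(packed) != sample:
                raise RuntimeError("round-trip failed at preset %d" % level)
            label = "%d%s" % (level, "e" if extreme else "")
            rows.append((label, len(packed), len(sample) / len(packed),
                         cpu * scale / interval_seconds))
    return rows

if __name__ == "__main__":
    sample = make_sample()
    # Volume quoted in the thread: ~9.8 GB of logs per 10 minutes.
    for label, size, ratio, cores in benchmark(sample, 9.8e9, 600):
        print("%-3s %9d bytes  %6.1f:1  %6.2f cores" % (label, size, ratio, cores))
```

Replace `make_sample()` with bytes read from a real log file; synthetic lines compress far better than production traffic, so only the relative ordering of levels carries over.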