jwiens wrote:
Excellent response. Thank you very much for your feedback.
It also struck me as being excessive for the amount of data I think is being
logged.
I have a slightly larger network, but have database statistics that are
similar to crosse's post. That said, I have not migrated any of our
syslogging to Zenoss yet. I know that unless this is properly managed, it
will swell our database excessively (especially since our FW is logging
at the Informational level). Ultimately, I want to make sure that the
flow of information is limited to what requires actions. I intend to
limit information at the host (by making a preliminary attempt to get
rid of trivial errors) before pointing syslog at Zenoss.
Zenoss takes the position that you should point the firehose at them and
forces you to make a decision about each event category in one central
location. It's a logical decision (and probably the most useful), but I
know how poorly some of my servers have been previously configured, and
want to clean up some of that mess first.
You might want to take a look at what devices are filling up your
database. I would log into the events database using the mysql command
line client and issue the following statement:
    $ mysql -u zenoss -p events
    Enter password:
    mysql> -- one row per device and severity, so each count belongs to the severity shown
    mysql> SELECT device, severity, COUNT(device) AS count FROM history
        -> GROUP BY device, severity ORDER BY severity, count;
This will generate a table that tells you how many events each device is
generating and at what severity. You can then focus your efforts on
reducing the number of events created by those devices first, either by
configuring Zenoss to ignore more events, or tweaking the client
configuration (in my case the syslog configuration) to reduce the
chattiness. I'd look at any device generating a ton of low severity and
a ton of high severity events.
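Added example (not part of the original post and not Zenoss code): a sketch that turns the per-device breakdown described above into a shortlist of devices responsible for most of the low-severity or most of the high-severity events. It runs against an in-memory SQLite stand-in for the history table with constructed rows; the device names, the thresholds and the 0=Clear to 5=Critical severity scale are assumptions.

```python
import sqlite3

# Constructed sample rows (device, severity); not real Zenoss data.
# Assumption: severity follows a 0=Clear ... 5=Critical scale.
SAMPLE = (
    [("fw01", 2)] * 900 + [("fw01", 4)] * 5 +
    [("web01", 3)] * 40 + [("web01", 5)] * 120 +
    [("db01", 2)] * 30 + [("db01", 4)] * 3
)

def load_sample():
    """Build an in-memory stand-in for the events database's history table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE history (device TEXT, severity INTEGER)")
    conn.executemany("INSERT INTO history VALUES (?, ?)", SAMPLE)
    return conn

def noisy_devices(conn, low_max=2, high_min=4, share=0.5):
    """Return {device: (low_count, high_count)} for devices that produce at
    least `share` of all low-severity or of all high-severity events.
    low_max, high_min and share are hypothetical tuning knobs."""
    rows = conn.execute(
        """
        SELECT device,
               SUM(CASE WHEN severity <= ? THEN 1 ELSE 0 END) AS low,
               SUM(CASE WHEN severity >= ? THEN 1 ELSE 0 END) AS high
        FROM history
        GROUP BY device
        ORDER BY device
        """,
        (low_max, high_min),
    ).fetchall()
    # Avoid division by zero when a severity band has no events at all.
    total_low = sum(r[1] for r in rows) or 1
    total_high = sum(r[2] for r in rows) or 1
    return {
        dev: (low, high)
        for dev, low, high in rows
        if low / total_low >= share or high / total_high >= share
    }

if __name__ == "__main__":
    for dev, (low, high) in noisy_devices(load_sample()).items():
        print(f"{dev}: low={low} high={high}")
```

In the sample, fw01 is the chatty informational source to quieten at the host, while web01 is the one whose high-severity events need attention rather than filtering.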