<div>Thanks for that. </div>
<div> </div>
<div>It looks I've completed confused u in the 2nd question.</div>
<div> </div>
<div>Right now, I've set all logs to go to the MySQL DB and also to the files so that they can be compressed and archived which allows me to rotate the MySQL DB once a month. This sounds a good idea but has a lot of negatives like,
</div>
<div> </div>
<div>a. Archived files will not be on the web interface (simply because its not on DB anymore). Although, the archived logs may be read once in a blue moon or not read at all.</div>
<div>b. This propels the Disk I/O to almost double as you write to the DB and to files at the same time.</div>
<div>c. Storage space turns out to be an issue as well.</div>
<div> </div>
<div>What I also thought of was to see if I can archive the DB itself once in a month and store it on a Tape media which means anytime the archived DB can be mounted for reference and with little Adm task the syslogs can be viewed on the web interface. But, I'm no DB expert hence have no clue of issues in here.
</div>
<div> </div>
<div>Any thoughts from experts here would be great.</div>
<div> </div>
<div>-- <br>Kumaran<br><br>Find your IP @ <a href="http://www.itsyourip.com">www.itsyourip.com</a> <br><br> </div>
<div><span class="gmail_quote">On 12/8/05, <b class="gmail_sendername">Nate Campi</b> <<a href="mailto:nate@campin.net">nate@campin.net</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">On Fri, Dec 02, 2005 at 03:04:25PM +0000, Kumaran Babu wrote:<br>><br>> Basically, I look at logging close to 40 Network devices which can
<br>> potentially log as much 10Gigs or more of data. I want to use the DNS<br>> hostnames to be displayed when viewed in php-syslog-ng interface so I<br>> enabled DNS on syslog-ng conf file. I've changed the nsswitch.conf
to look<br>> at hosts file and then dns server so that I can populate the individual<br>> device details into the hosts file so this server doesnt have to query the<br>> DNS server for the host details everytime it receives a log entry.
<br>><br>> Am I doing the right thing or is there a better way of accomplishing this?<br><br>This is good, speed up lookups using /etc/hosts, I'd also enable DNS<br>caching in syslog-ng to help performance there (or run a local caching
<br>nameserver that's only listening on a loopback interface).<br><br>> Also, planning to archive all of the logs onto files and not to simple files<br>> so that I can rotate the old logs DB every month. Again, am I doing the
<br>> right thing or is there an alternate way to do this?<br><br>I don't know what you mean by this. What kind of log files are you<br>using?<br>--<br>Nate<br><br>A distributed system is one in which the failure of a computer you
<br>didn't even know existed can render your own computer unusable.<br><br>_______________________________________________<br>syslog-ng maillist - <a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>
<br><a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>Frequently asked questions at <a href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html
</a><br><br></blockquote></div><br><br clear="all"><br>