I would start by limiting what messages the PIX logs. For example:

no logging message 106001

"Cary, Kim" <Kim.Cary@pepperdine.edu> wrote:
I just got logging going with syslog-ng in the last couple weeks (first
client is our PIX 520). We can have up to 20Gb/day from our PIX. When
compressed, the logs are up to 2Gb/day. We do want a record of all
sessions for forensics & troubleshooting (already saved us hours of
time) but the log format is quite verbose. Because of that verbosity, I
was thinking of writing just key fields to a MySQL database as you
suggest. However, I don't want to get into a situation where the only
reporting is whatever report script I have time to write... If Joseph
or someone else has a suggestion for fields to insert into the db and a
reporting package to use, I'd appreciate it.

Kim Cary
InfraSec Admin
Pepperdine University

On Oct 29, 2004, at 5:43 AM, syslog-ng-request@lists.balabit.hu wrote:

>> server. The central server is currently piping the information to a
>> Mysql
>> database. Each incoming device writes to its own table in the
>> database. A
>> modification to this we would like to accomplish is to key various
>> pieces
>> of information stored in the "message" field.
>>
>> For example, syslog messages sent from the mail servers will contain
>> the
>> sender, recipient, delivery status in the "message" field. Our
>> thought is
>> to key these pieces of information for quick lookup. Some of the
>> systems
>> (Cisco Pix) are sending up to 5G of information a day. Another reason
>> to
>> key the information.
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
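The two ideas in this thread, suppressing a noisy PIX message ID before it reaches syslog-ng and storing only key fields of the "message" text in an indexed table, as an added example that is none of the posters' code: a Python parser over constructed PIX lines, loaded into an in-memory SQLite table standing in for the MySQL one. The `%PIX-<sev>-<id>` header is the PIX convention; the body layout of 106001/302013 is assumed from the PIX message reference and should be checked against your own device output.

```python
import re
import sqlite3

# Constructed sample lines (not from the thread); RFC 5737 addresses.
SAMPLE_LINES = [
    "Oct 29 05:43:01 pix1 %PIX-2-106001: Inbound TCP connection denied from "
    "203.0.113.7/4432 to 198.51.100.10/25 flags SYN on interface outside",
    "Oct 29 05:43:02 pix1 %PIX-6-302013: Built inbound TCP connection 8812 for "
    "outside:203.0.113.7/4433 (203.0.113.7/4433) to inside:10.0.0.5/25 (198.51.100.10/25)",
    "Oct 29 05:43:03 pix1 %PIX-2-106001: Inbound TCP connection denied from "
    "203.0.113.9/5001 to 198.51.100.10/80 flags SYN on interface outside",
    "Oct 29 05:43:04 pix1 %PIX-6-302013: Built outbound TCP connection 8813 for "
    "inside:10.0.0.8/3301 (198.51.100.12/3301) to outside:192.0.2.20/443 (192.0.2.20/443)",
]

HEADER = re.compile(r"%PIX-(\d)-(\d{6}):\s*(.*)$")      # severity, message id, body
ENDPOINT = re.compile(r"(\d+\.\d+\.\d+\.\d+)/(\d+)")     # ip/port pair

def parse_pix(line):
    """Return the key fields of one PIX line, or None if it is not a PIX message."""
    m = HEADER.search(line)
    if not m:
        return None
    sev, msg_id, body = m.groups()
    # Assumed layout: the first ip/port before " to " is the source, the first
    # after it the (real, un-NATed) destination; 302013 repeats mapped addresses.
    left, _, right = body.partition(" to ")
    src, dst = ENDPOINT.search(left), ENDPOINT.search(right)
    if not (src and dst):
        return None
    return {"msg_id": msg_id, "severity": int(sev),
            "src_ip": src.group(1), "src_port": int(src.group(2)),
            "dst_ip": dst.group(1), "dst_port": int(dst.group(2)), "message": body}

def load_keyed(lines, suppressed=frozenset({"106001"})):
    """Drop IDs the PIX would no longer send after 'no logging message <id>',
    then store the keyed fields in an indexed table (SQLite standing in for MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pix (msg_id TEXT, severity INT, src_ip TEXT, "
               "src_port INT, dst_ip TEXT, dst_port INT, message TEXT)")
    db.execute("CREATE INDEX ix_dst ON pix (dst_ip, dst_port)")  # the quick-lookup key
    rows = [r for r in map(parse_pix, lines) if r and r["msg_id"] not in suppressed]
    db.executemany("INSERT INTO pix VALUES (:msg_id, :severity, :src_ip, :src_port, "
                   ":dst_ip, :dst_port, :message)", rows)
    return db

def count_to(db, dst_ip):
    """Indexed lookup: how many stored records were addressed to dst_ip."""
    return db.execute("SELECT COUNT(*) FROM pix WHERE dst_ip = ?", (dst_ip,)).fetchone()[0]

def total(db):
    return db.execute("SELECT COUNT(*) FROM pix").fetchone()[0]
```

With the default suppression only the two 302013 records are stored; pass `suppressed=frozenset()` to see all four.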