Hi,
I've planned to set up a Central Logging system using the great Syslog-NG with MySQL. All is fine, but I just need a couple of clarifications to optimize performance.
Basically, I'm looking at logging close to 40 network devices, which can potentially log as much as 10 gigs or more of data. I want the DNS hostnames to be displayed when viewed in the php-syslog-ng interface, so I enabled DNS in the syslog-ng conf file. I've changed nsswitch.conf to look at the hosts file and then the DNS server, so that I can populate the individual device details into the hosts file and this server doesn't have to query the DNS server for the host details every time it receives a log entry.
Am I doing the right thing or is there a better way of accomplishing this?
Also, planning to archive all of the logs onto files and not to simple files so that I can rotate the old logs DB every month. Again, am I doing the right thing or is there an alternate way to do this?
Any suggestions and recommendations are gratefully accepted.
--
Kumaran
Find your IP @
www.itsyourip.com