[snip]
But now there is a bunch of extra CPU usage (syslog-ng has accumulated 600
minutes of CPU time after running for just one day; this is a 333Mhz machine and there are only a couple dozen logging hosts, most of which comes relayed through other syslog-ngs anyways).
[snip] I keep thinking I'm doing something wrong... I have syslog-ng running on a SUN Ultra 10, and it's been running for 192 days, and I have 700 minutes time and 4.5M size... Of course, I only log from 6 other boxes to it for now. :) Consider this a success story :) I have used syslog-ng to split up incoming logs per facility and priority, so that if I see a message in the crit file, I can go to the corresponding facility file and see if there were any more message. This functionality has come in very handy a few times. :) /Mick