On Fri, Dec 02, 2005 at 03:04:25PM +0000, Kumaran Babu wrote:
> Basically, I look at logging close to 40 Network devices which can potentially log as much as 10Gigs or more of data. I want to use the DNS hostnames to be displayed when viewed in php-syslog-ng interface so I enabled DNS on syslog-ng conf file. I've changed the nsswitch.conf to look at hosts file and then dns server so that I can populate the individual device details into the hosts file so this server doesn't have to query the DNS server for the host details every time it receives a log entry.
> Am I doing the right thing or is there a better way of accomplishing this?

This is good, speed up lookups using /etc/hosts, I'd also enable DNS caching in syslog-ng to help performance there (or run a local caching nameserver that's only listening on a loopback interface).

> Also, planning to archive all of the logs onto files and not to simple files so that I can rotate the old logs DB every month. Again, am I doing the right thing or is there an alternate way to do this?

I don't know what you mean by this. What kind of log files are you using?

--
Nate
A distributed system is one in which the failure of a computer you didn't even know existed can render your own computer unusable.
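
The name-resolution setup discussed in this thread, as an added example that is not part of the original messages: hosts file first, then DNS, with syslog-ng's own DNS cache enabled. The host entries are constructed samples and the cache size and expiry values are assumptions to tune; check that your syslog-ng version supports each option.

```conf
# /etc/nsswitch.conf: consult /etc/hosts before DNS, as the poster describes
hosts: files dns

# /etc/hosts: one entry per logging device
# (constructed sample entries, documentation address range)
192.0.2.11   core-sw1.example.net   core-sw1
192.0.2.12   edge-fw1.example.net   edge-fw1

# syslog-ng.conf: global options
options {
    use_dns(yes);                 # resolve sender addresses to hostnames
    dns_cache(yes);               # keep resolved names in memory
    dns_cache_size(2000);         # assumed value: number of cached entries
    dns_cache_expire(3600);       # assumed value: seconds to keep a successful lookup
    dns_cache_expire_failed(60);  # assumed value: seconds to keep a failed lookup
};
```

Lookups are blocking in syslog-ng, so a sender that is missing from both /etc/hosts and DNS costs a resolver timeout each time its cached failure expires.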