Mahlon,
My eventual goal is to have one 'logging server', receiving logs from all of the other servers around here, and parsing/pushing them into a mysql database.
We've implemented basically the same topology here, but instead of "mysql"ing the messages we're parsing and monitoring the lot of them, looking for those (repeated login failures within or across system(s), etc.) which might concern us. What we did was write all messages to named pipes, one for each priority level. We made our Perl script a daemon which reads the messages out of the named pipes. One of the perceived advantages here was that all buffering is provided by the OS.

Our central server (AIX) comfortably supports over 50 disparate clients (AIX, Sun, NT) and handles an average of 310000 messages a day. (We had an anomalous day two weeks ago with 800000 messages with no observed problems.)

The only significant disadvantage we've encountered is that our daemon has to be running before syslog-ng is started; this is due to syslog-ng rightfully failing to start up if the named pipes are not open, something our daemon does.

Good luck,
John
John A. Parker
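
The arrangement described in the message above (one named pipe per priority, opened by the reader before syslog-ng starts, with the reader watching for repeated login failures across hosts), sketched as an added example. This is not John's Perl daemon: the sshd-style line format, the priority names used as pipe file names, the threshold and window, and the reliance on Linux `O_RDWR` FIFO behaviour are all assumptions.

```python
import collections, os, re, select, stat

# Assumed line shape: "<timestamp> <host> sshd[pid]: Failed password for <user> from <addr> ..."
FAIL_RE = re.compile(r"(?P<host>\S+) sshd(?:\[\d+\])?: Failed password for "
                     r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")

def open_pipes(pipe_dir, priorities):
    """Create (if missing) and open one FIFO per priority. Run before syslog-ng starts."""
    pipes = {}
    for prio in priorities:
        path = os.path.join(pipe_dir, prio)
        if not os.path.exists(path):
            os.mkfifo(path, 0o600)          # only the daemon's user may read or write
        elif not stat.S_ISFIFO(os.stat(path).st_mode):
            raise RuntimeError(f"{path} exists but is not a FIFO")
        # O_RDWR (works on Linux) holds a writer end open, so a syslog-ng
        # restart never shows up here as EOF; O_NONBLOCK keeps read() from stalling.
        fd = os.open(path, os.O_RDWR | os.O_NONBLOCK)
        pipes[fd] = (prio, bytearray())
    return pipes

class FailureTracker:
    """Flags a source address with >= threshold failures inside a sliding window."""
    def __init__(self, threshold=3, window=60.0):
        self.threshold, self.window = threshold, window
        self.seen = collections.defaultdict(collections.deque)

    def feed(self, line, now):
        m = FAIL_RE.search(line)
        if not m:
            return None
        q = self.seen[m["src"]]
        q.append((now, m["host"]))
        while now - q[0][0] > self.window:  # expire entries older than the window
            q.popleft()
        if len(q) >= self.threshold:
            return m["src"], sorted({host for _, host in q})
        return None

def drain(pipes, tracker, now, timeout=1.0):
    """One select() pass over all pipes; returns [(priority, src, hosts), ...]."""
    alerts = []
    for fd in select.select(list(pipes), [], [], timeout)[0]:
        prio, buf = pipes[fd]
        buf += os.read(fd, 65536)
        *lines, rest = bytes(buf).split(b"\n")   # keep any partial last line buffered
        buf[:] = rest
        for line in lines:
            hit = tracker.feed(line.decode(errors="replace"), now)
            if hit:
                alerts.append((prio, *hit))
    return alerts
```

A daemon would call `open_pipes()` once at startup and then loop on `drain(pipes, tracker, time.time())`.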