[syslog-ng]Local spooling and redundant concepts?

[strerror]

--nextPart3614678.jLV7LVqhBG
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

heya,

Been implementing a setup similar to Nate Campin's but with a few twists an=
d=20
some modernisation and as I did it I thought about the following things.

=46irstly, part of the setup has logs going from satellite servers to a cen=
tral=20
server and then being thrown into a db, what I would like to do is if the=20
central db ever goes down, I would like to spool the logs destined for that=
=20
central server locally and when the db is back up for it to send them. How=
=20
would you go about implementing this feature?

Secondly I notice that Nate has gone to some trouble to setup feeds to swat=
ch=20
and sec, but I don't quite understand why. Can someone tell me what this=20
programs offer that you can't do by simply pattern matching with a filter a=
nd=20
then piping to a program that mails it out for example? Why would you=20
implement both the swatc/sec as in Nate's howto AND his mail-syslog=20
destinations?

=46inally I had to patch / change a lot of things from Nate's howto's. If a=
nyone=20
needs patches to sqlsyslogd, both the src for new buffer sizes, the sql set=
up=20
to make it work with mysql 4.1+ or my templates for putting the data into=20
mysql with a db timestamp instead of a ISO formatted one let me know.

=2D-=20
strerror
http://www.disciplina.net

--nextPart3614678.jLV7LVqhBG
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.9.15 (GNU/Linux)

iD8DBQBCbYSxpO9ElVhlDo8RArsKAJ4+x1lVxb3Tcds0uJDtvbO8MeVFsACdGRji
hmEeJsZBCTwsEPy8DtHCrIc=
=V+bF
-----END PGP SIGNATURE-----

--nextPart3614678.jLV7LVqhBG--