[syslog-ng] Architecture Question'
catenate
infosec at gmail.com
Tue Oct 4 17:57:20 CEST 2005
On 10/4/05, CIKALA Frederic ROSI/DOSI <frederic.cikala at francetelecom.com>
wrote:
>
> Yes, i know it is not specific enough ...
> But nobody here can tell me exactly the frequency of the logs that will
> be sent :-/
> One thing is sure : it wont be 1 message per server per day, but
> something like 500 /server /days ...
> Do you want to know something else ?
>
All that we can say is that you should make sure throughput to/from the
network and to/from disk is good, and that you have lots of CPU for log
analysis and possibly a GUI front end. At first glance memory seems to be
less of a concern for loghost apps but all the UNIXes I know of use memory
to cache I/O so maybe lots of memory is a good idea too.
You're really on your own here, but any modern server-class machine is
probably a good start. If you grow beyond it you can set up a tiered
architecture or set up a counter-strike server on the old machine (god I
haven't played that for years, I just don't know what you kids are playing
these days).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20051004/85ae275f/attachment.htm
More information about the syslog-ng
mailing list