[syslog-ng] Blog post on ELSA
Martin Holste
mcholste at gmail.com
Fri Apr 1 15:08:58 CEST 2011
Good question. It would theoretically work with Postgres with a fair
amount of code modification, using COPY instead of LOAD DATA for the
imports, and an ODBC connection for Sphinx. However, it would be a
lot less time to install MySQL and gain a cursory knowledge of it than
to modify all of the code the allow for Postgres. The other issue is
that Postgres would be much slower in this case because the MySQL
native connections in Sphinx are much faster than the ODBC connections
(something like 50k rows/sec versus 6k rows/sec for indexing), and
MyISAM tables are simpler than transaction-oriented tables, so they
load data faster. Lastly, you'd lose the ability to archive logs, as
it uses the MySQL ARCHIVE storage engine which provides an incredible
compression ratio because it compresses an entire 32k chunk of table,
not string by string.
I would strongly urge you to try MySQL instead of modifying the code.
It should install very quickly on almost any platform and there won't
be much tuning or administration required.
On Fri, Apr 1, 2011 at 2:11 AM, Hendrik Visage <hvjunk at gmail.com> wrote:
> On Mon, Mar 28, 2011 at 10:26 PM, Martin Holste <mcholste at gmail.com> wrote:
>> I just put up an entry on my blog (http://ossectools.blogspot.com)
>> describing the Enterprise Log Search and Archive Project
>> (http://code.google.com/p/enterprise-log-search-and-archive) I've been
>> working on which uses Syslog-NG >= 3.1 and pattern-db at its core.
>
> How easily could me make it DB independent? Specifically I have the
> need for PostgreSQL instead of MySQL (Inhouse suport/knowledge)
>
More information about the syslog-ng
mailing list