central logging to a database
Hello,
we're not exactly an ISP but I guess people subscribed to this list
are the ones with the best knowledge, feel free to point to the
appropriate place if i'm absolutely OT
I'm planning on setting up a central log server. I'd like to log
everything from the last 2 rotations (guess in my case 2 days should
be enough) locally for a fallback and also log everything to the sql
database - is that even a smart approach (logging to 2 places, i know
that i need to know myself how much fallback i need in case the
central log server goes down)
Now initial googling pointed me to 2 solutions and an interesting info
1) a "well known" solution (bunch of howtos available on the net) of
using the remote logging abilities of syslog(-ng) to a central log
server and from there having a pipe that is read and then in turn
paste that to the sql database. The problem is i couldn't find any
reports on how reliable that works and somehow I have a bad feeling
about that, imho it breaks the chain of well crafted logging measures
not to loose messages. Am I hunting ghosts and this is tested well
enough not to worry?
2) the other was rsyslog (http://www.rsyslog.com/) which can from the
description receive remote logging just like syslog but has the
ability of logging natively to at least mysql. The big problem I see
here ist that it isn't natively available in debian, this is solveable
but to be honest I'd like to stay within debian standard repositories
for such a central daemon as the logger.
The info i found while googling (which of course i was too dumb to
bookmark) was about some kind of standard schema used for database
logging so that one, at least in theory, could switch backends with
less efforts since a bunch of tools (i think it was monitorware but
that led me to some commercial site besides phplogcon for which i read
a lot of bad reviews.) rely on that schema. Is there something like
that (at least some commonly used schema) or am i on my own?
thanks
martin
Reply to: