Dear Jason, Thank you for your interest in rsyslog.
1) Of course you can use regexes. For more information, take a look at the following links: http://www.rsyslog.com/doc/property_replacer.html http://www.rsyslog.com/doc/rsyslog_conf_filter.html http://www.rsyslog.com/regex/ 2) The documentation is here: http://www.rsyslog.com/doc/manual.html You can find it to be the first point from the dropdown menu when moving the mouse over "Help" on the website. 3. We do not have any information on that. On the rsyslog side, this is basically not a problem. But we are not sure if MySQL is capable of this and might be the bottleneck in this kind of setup. Florian -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jason Antman Sent: Mittwoch, 3. November 2010 21:48 To: [email protected] Subject: [rsyslog] Rsyslog evaluation questions Hello, At $UNIVERSITY, we're planning to overhaul our centralized syslog infrastructure. At the moment, we're running syslog-ng on an aged Solaris/Sparc box and planning on replacing it with either syslog-ng or rsyslog on CentOS 5. We're currently handling approximately 3 million lines per day from 25 hosts. We can expect that to increase to approx. 5M+ lines from 40 hosts within 6 months. We're beginning an evaluation of rsyslog, and I have a few preliminary questions I can't find clear answers to in the docs, and was hoping perhaps someone with rsyslog in production could provide some input. 1) We do a lot of post-processing of logs to pull out relevant information. Specifically, we have quite a few scripts (PHP) that rely on preg_match pulling out capture groups and putting them in different columns in MySQL. Does rsyslog support any regexes in templates that would allow something like this? 2) I last visited rsyslog.com before the site redesign. Where has the documentation gone on the new site? I can't even seem to find a config file statement reference... 3) Assuming an even distribution over time (not quite accurate), any thoughts on how dumping ~2M lines/day of syslog to MySQL on a VM (Xen) with a single 2.8GHz CPU and 512MB RAM would go? Thanks for any advice, Jason Antman _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
