[rsyslog] db template how to
RB
aoz.syn at gmail.com
Mon Oct 20 23:12:23 CEST 2008
On Mon, Oct 20, 2008 at 14:44, <david at lang.hm> wrote:
> putting them into different databases would be difficult and expensive,
> but possible.
Hopefully we're not talking different databases, per se, maybe different tables?
My suggestion wouldn't be to put any of that logic at all in your
rsyslog configuration - the application & configurations are complex
enough. Rather (if you have a proper database engine) use table
partitioning, even constraint-based partitioning to do what you need.
Much less horrifying on the client side and any competent DBA will
know what you're doing and be able to handle it. Off the top of my
head I know Oracle, PostgreSQL, and MySQL support partitioning and I'd
be willing to bet MSSQL does as well.
Perhaps a more appropriate question would be why? Other than your
mental organization and maybe some access-control concerns, why would
you want to divide your database by host? Not only does it make
global correlation more complex, it's practically guaranteed to have
an uneven distribution.
When doing log tables, I always arrange the MERGE/partition constraint
by date or the like so it's easier and often faster for limiting
searches as well as to age data out (DROP TABLE versus DELETE FROM).
More information about the rsyslog
mailing list