Pierre Habouzit <[EMAIL PROTECTED]> writes: > The syslog daemon shall not eat anymore than 0.01% of your CPU.
That's just silly. :P For a cluster of syslog servers, the syslog daemon shall use whatever CPU time it needs. If it needs more than one CPU, and more than one CPU is available, then it's a good idea for the syslog daemon to use more than one CPU. You have multiple ways for logs to enter: 514/udp - the good old standard. <whatever>/tcp - tcp syslog, queued on the client side, ensured on the server side, possibly encrypted if data passes external networks. local sockets, doors, etc... Logs may be filtered and classified according to priority, network, server group, application, or facility. You have several places where the log data will go: Disk Database Some analysis application Custom statistics software with realtime graphs. IDS (Big, horrible, expensive, java-thingy. Prints Pretty Pictures) Local antispam-daemons. > Why would you need to bloat it for god's sake? It reminds me of so > called network monitors that are so huge, that they mostly measure > their own fat. A multi-foo syslog daemon is just plain silly. Not if you run a large network, cluster, server group or if you're an internet service provider. If you get tens or hundreds of gigabytes of logs every day, you need a good framework. A mail service for just 1M users alone lots 1GB every few hours. Some of that is interesting, and everything must be kept for a while. For your own laptop? Naah, you can keep sysklogd, as it's probably good enough for your needs. Remember that Debian is used by more than just you, so calling the needs of others "silly" may be perceived as short-sighted. -- Stig Sandbeck Mathisen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
