Okay, so here is the current task I am working on and was looking to see how people have tackled it, basically any ideas out there to ponder. Any thoughts, comments, etc. will be appreciated. Thanks.

Key Highlights:

- Centralized logging setup for over 1000 Linux hosts.
- Need it to be scalable to even more eventual hosts.
- Estimate less than 1MB of data per host per day. Want to do summarization with syslog-ng to reduce network traffic, to make this even less.
- Need it set up so that the network isn't saturated.
- Roll out syslog-ng to the hosts, for using filtering etc.

Two ways I'm considering doing the backend right now:

- Potentially some sort of Linux LVS cluster with an NFS backend. So a pair of Linux load balancers that will hand off the syslog data to centralized syslog servers in a cluster, that then dump into some shared NFS server/solution.
- Or, maybe having distributed "collector" syslog servers that somehow dump back to a central syslog server. So a distributed architecture approach.

The LVS setup seems appealing to me for the scalability potential, but not sure if it is overkill. What I am currently most concerned with is the amount of traffic over the network.

Thanks for any help.

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Wed May 10 2006 - 10:07:11 PDT