Patrick and all,
How about BOTH? I can defend the RDBMS approach one day and then turn
and defend the flat file approach :-) Both seem to have benefits
compelling enough so that doing both seems like the best... given that
hardware is relatively cheap and you'd achieve the benefits of both
approaches.
On 8/23/06, Patrick Debois <Patrick.Debois@private> wrote:
>
> I'm looking for help in a discussion to decide to either log everything in
> relational database or just keep logs in plain files.
>
> >From the file perspective:
>
> (+)DB normalization with a lot of different DB schemas seems a lot of
> work/impossible. It feels a bit like the google vs yahoo approach.
> (+)Easier to calculate checksums on files: database queries
> (+)You would avoid understanding all logfiles and parsing them to an
> "uber"logformat
> (+)Files index more easily then database.
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
>
>
>
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.securitywarrior.com
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Thu Aug 24 2006 - 11:14:55 PDT