[plug] server load spikes, syslog options

James Devenish devenish at guild.uwa.edu.au
Sat Apr 17 09:35:00 WST 2004

In message <1082124919.10288.14.camel at rattus.Localdomain>
on Fri, Apr 16, 2004 at 10:15:19PM +0800, William Kenworthy wrote:
> I also use metalog to trigger a perl script to enter the message in a
> (local) mysql database which is synced across to another machine every
> few minutes.

Bill probably has a specific reason for wanting to replicate MySQL
databases, but syslog daemons generally include a simpler network
logging facility anyway (i.e., a 'loghost ' feature is usually included
with vendors' own syslogds, as well as third-party replacements such as
syslog-ng). One consequence of this form of "instantaneous" remote
logging is that it provides a way to capture messages from a dying or
compromised machine. Some syslogds also provide a way to directly enter
log entries into a remote SQL database (i.e. no need to do a periodic
database replication), so that you can keep a plain text copy of the
local machine while having a more structured copy on your log host. I
always make sure there is a plain-text copy on each machine, because
it's human-readable during circumstances when one's sitting in front of
a broken machine that can't load a database server or access a network.

More information about the plug mailing list