From owner-freebsd-isp  Sun Apr 19 11:01:35 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA03120
          for freebsd-isp-outgoing; Sun, 19 Apr 1998 11:01:35 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from mail.ruhrgebiet.individual.net (in-ruhr.ruhr.de [141.39.224.38])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA03046
          for <isp@freebsd.org>; Sun, 19 Apr 1998 18:01:21 GMT
          (envelope-from bs@devnull.ruhr.de)
Received: (from admin@localhost)
	by mail.ruhrgebiet.individual.net (8.8.5-r-beta/8.8.5) with UUCP id TAA12527;
	Sun, 19 Apr 1998 19:55:37 +0200 (MET DST)
Received: from rm.devnull.ruhr.de [192.168.22.75] 
	by devnull.ruhr.de with smtp (Exim 1.73 #1)
	id 0yQxvN-0000uw-00; Sun, 19 Apr 1998 19:30:41 +0200
Received: from bs by rm.devnull.ruhr.de with local (Exim 1.73 #1)
	id 0yQy7q-0000ek-00; Sun, 19 Apr 1998 19:43:34 +0200
To: Kevin Day <toasty@home.dragondata.com>
Cc: isp@FreeBSD.ORG
Subject: Re: log to st0?
References: <199804150533.AAA11780@home.dragondata.com>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
From: Benedikt Stockebrand <benedikt@devnull.ruhr.de>
Date: 19 Apr 1998 19:43:34 +0200
In-Reply-To: Kevin Day's message of "Wed, 15 Apr 1998 00:33:15 -0500 (CDT)"
Message-ID: <87u37pzozd.fsf@devnull.ruhr.de>
Lines: 26
X-Mailer: Gnus v5.5/XEmacs 20.3 - "Vatican City"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Kevin Day <toasty@home.dragondata.com> writes:

> We're producing about 100M of http logs per day, append only... Is it at all
> possible to stream our httpd logs to tape, yet be able to rewind, read it
> all at random points, and pick up writing where I left off?

I'd suggest you log to a file, rotate that out once or twice a day and
send it to tape afterwards.  2x100M of disk space isn't unaffordable,
it'll keep your tape from repositioning all the time and gets you a
way superior solution because you can always view those logs and don't
have to wait until the tape is full and because you don't run into
delay problems while the tape is being wound.

About remote log hosts: As far as syslogd is involved you should
realize that it is using UDP, i.e. log entries can get lost,
especially during a malicious attack.  If you need some sort of
security, rotate the logs every 5 minutes (say) and have them picked
up via ftp/ssh/whatever from said loghost.  Or if you feel like
hacking, do the logging through a netcat-established connection.
Whatever.


    Ben

-- 
Ben(edikt)? Stockebrand --- Un*x System Administrator, Software Developer


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message