Date:      19 Apr 1998 19:43:34 +0200
From:      Benedikt Stockebrand <benedikt@devnull.ruhr.de>
To:        Kevin Day <toasty@home.dragondata.com>
Cc:        isp@FreeBSD.ORG
Subject:   Re: log to st0?
Message-ID:  <87u37pzozd.fsf@devnull.ruhr.de>
In-Reply-To: Kevin Day's message of "Wed, 15 Apr 1998 00:33:15 -0500 (CDT)"
References:  <199804150533.AAA11780@home.dragondata.com>

Kevin Day <toasty@home.dragondata.com> writes:

> We're producing about 100M of http logs per day, append only... Is it at all
> possible to stream our httpd logs to tape, yet be able to rewind, read it
> all at random points, and pick up writing where I left off?

I'd suggest you log to a file, rotate that out once or twice a day and
send it to tape afterwards.  2x100M of disk space isn't unaffordable,
it'll keep your tape from repositioning all the time and gets you a
way superior solution because you can always view those logs and don't
have to wait until the tape is full and because you don't run into
delay problems while the tape is being wound.

About remote log hosts: As far as syslogd is involved you should
realize that it is using UDP, i.e. log entries can get lost,
especially during a malicious attack.  If you need some sort of
security, rotate the logs every 5 minutes (say) and have them picked
up via ftp/ssh/whatever from said loghost.  Or if you feel like
hacking, do the logging through a netcat-established connection.
Whatever.


    Ben

-- 
Ben(edikt)? Stockebrand --- Un*x System Administrator, Software Developer
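
The rotate-every-five-minutes-and-pick-up scheme suggested in the message above, sketched as an added example that is not part of the original mail. The function names, the spool layout, the reopen hook and the use of `sha256sum` are assumptions; the copy itself (ssh, ftp or anything else) happens between the two functions and is not shown.

```shell
#!/bin/sh
# Added example; paths, the reopen hook and sha256sum are assumptions.

# rotate_log LOGFILE SPOOLDIR [REOPEN_CMD]
# Web-server side, run from cron every 5 minutes. Moves LOGFILE into SPOOLDIR,
# lets the daemon reopen its log, then publishes a checksum manifest.
# Prints the spooled file name; prints nothing if the log was empty.
rotate_log() {
    log=$1 spool=$2 reopen=${3:-:}
    [ -s "$log" ] || return 0
    mkdir -p "$spool" || return 1
    name="$(basename "$log").$(date -u +%Y%m%dT%H%M%SZ)"
    [ ! -e "$spool/$name" ] || return 1      # never overwrite an earlier segment
    # rename(2) is atomic when SPOOLDIR is on the same filesystem; the daemon
    # keeps writing to the moved file until it reopens, so no lines are dropped.
    mv "$log" "$spool/$name" || return 1
    : > "$log"
    # REOPEN_CMD must return only after the daemon has switched files.
    $reopen || return 1
    # The manifest appears last and atomically: the loghost fetches a segment
    # only once its .sha256 exists, so it never copies a half-written file.
    ( cd "$spool" &&
      sha256sum "$name" > ".$name.sha256.tmp" &&
      mv ".$name.sha256.tmp" "$name.sha256" ) || return 1
    echo "$name"
}

# verify_spool DIR
# Loghost side, run on the directory copied over ssh/ftp. Returns non-zero if
# any segment is missing or does not match its manifest.
verify_spool() {
    dir=$1 rc=0
    for m in "$dir"/*.sha256; do
        [ -e "$m" ] || continue              # glob matched nothing
        ( cd "$dir" && sha256sum -c "$(basename "$m")" >/dev/null 2>&1 ) || {
            echo "MISMATCH: ${m%.sha256}" >&2
            rc=1
        }
    done
    return $rc
}
```

The manifest catches truncated or corrupted transfers on the loghost. It does not authenticate the log against someone who already controls the web server, since they can regenerate the manifest.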




