Appliance maintenance

Questions around SyslogAppliance, the virtual logging appliance.


Postby mlist » Wed Jan 21, 2009 4:38 pm

I opened this new thread to learn the normal maintenance operations that an admin should execute.
I would like to know some tips about the correct maintenance operations I should be aware of.

For example, I just noticed that my appliance (installed 1 month ago) is consuming too much space.

running df -h the output is:
rsyslogsrv:/var/lib/mysql/Syslog# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 61G 46G 12G 80% /
tmpfs 443M 0 443M 0% /lib/init/rw
udev 10M 80K 10M 1% /dev
tmpfs 443M 0 443M 0% /dev/shm

searching for big files I found:
/var/lib/mysql/Syslog
rsyslogsrv:/var/lib/mysql/Syslog# du -sh ./*
4.0K ./db.opt
12K ./SystemEvents.frm
16G ./SystemEvents.MYD
357M ./SystemEvents.MYI
12K ./SystemEventsProperties.frm
0 ./SystemEventsProperties.MYD
4.0K ./SystemEventsProperties.MYI
rsyslogsrv:/var/lib/mysql/Syslog#

./SystemEvents.MYD is the guilty one.
So... what could I do in order to reduce file system usage? Is there some maintenance function?

Thanks
mlist
Advanced
 
Posts: 27
Joined: Thu Dec 18, 2008 12:15 pm

Re: Appliance maintenance

Postby alorbach » Wed Jan 21, 2009 4:49 pm

You can run the maintenance option in the Admin Center (see Sources Admin) manually. It will then delete older records from your database. This requires the latest version of phpLogCon, which is currently 2.5.23. There is also a sample cron script in the src/cron folder, if you want to run maintenance deletions regularly.

best regards,
Andre Lorbach
alorbach
Site Admin
 
Posts: 1627
Joined: Thu Feb 13, 2003 11:55 am

Re: Appliance maintenance

Postby mlist » Wed Jan 21, 2009 5:46 pm

OK, just 2 questions about this:

1) Why do db files increase so much?
Now I have only 1 device (a Juniper firewall) that is sending logs. So... how is it possible that in 1 month 16GB of data have been created? Could it depend on the device log level configuration? I mean:
in my Juniper firewall I enabled:
Security Facility: LOCAL0
Facility: LOCAL0
Moreover there is a section named:
Log Packets Terminated to Self
Syslog: Emergency(ON) Alert Critical Error(ON) Warning(ON) Notification(ON) Information Debugging(ON)

I know that every appliance is different from the others, but in your opinion, could changing some settings like Facility or Emergency(OFF) change something?

I APOLOGIZE FOR THIS STUPID QUESTION BUT I NEVER USED SYSLOG AND I READ SOME DOCS BUT I'M A BIT CONFUSED...

2) Backup old files
Supposing I haven't much disk space and that my appliance has a full filesystem. How could I save last month's data in a bck file and (after backup) delete old files through the admin function?


Marco
mlist
Advanced
 
Posts: 27
Joined: Thu Dec 18, 2008 12:15 pm
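
The backup-then-delete sequence asked about in question 2 above, done directly against MySQL rather than through phpLogCon. This is an added example, not part of the thread and not code from the appliance. It assumes the database `Syslog` and table `SystemEvents` seen in the `du` listing, the `ReceivedAt` column of the stock rsyslog MySQL schema, and credentials in `~/.my.cnf`; the archive file name is made up for illustration.

```shell
#!/bin/sh
# Added example: archive rows older than N days, verify the archive, then delete.
# Assumptions: database "Syslog" / table "SystemEvents" as in the du listing,
# the ReceivedAt column of the stock rsyslog schema, credentials in ~/.my.cnf.
DB=${DB:-Syslog}
TABLE=${TABLE:-SystemEvents}

archive_and_prune() (            # subshell body keeps the umask change local
    days=$1 outdir=$2
    # Digits only: the value is placed into SQL below.
    case "$days" in ''|*[!0-9]*) echo "days must be a number" >&2; return 2 ;; esac
    [ -d "$outdir" ] || { echo "no such directory: $outdir" >&2; return 2; }

    where="ReceivedAt < DATE_SUB(CURDATE(), INTERVAL $days DAY)"
    out="$outdir/$TABLE-older-than-${days}d-$(date +%Y%m%d).sql.gz"
    umask 077                    # firewall logs are sensitive: owner-only archive

    # 1. Stream the old rows straight into gzip so no uncompressed copy
    #    lands on an already tight disk.
    mysqldump --no-create-info --where="$where" "$DB" "$TABLE" | gzip > "$out.part"

    # 2. The pipeline hides a mysqldump failure, so check the archive itself:
    #    its last line must be mysqldump's completion marker.
    if ! gzip -dc "$out.part" | tail -n 1 | grep -q 'Dump completed'; then
        rm -f "$out.part"
        echo "archive incomplete, nothing deleted" >&2
        return 1
    fi
    mv "$out.part" "$out"

    # 3. Only now delete, then rebuild the table: MyISAM keeps freed space
    #    inside the .MYD file until OPTIMIZE TABLE rewrites it.
    mysql "$DB" -e "DELETE FROM $TABLE WHERE $where" || return 1
    mysql "$DB" -e "OPTIMIZE TABLE $TABLE" || return 1
    echo "$out"
)

# Stand-alone use: ./archive.sh 30 /mnt/backup
if [ $# -eq 2 ]; then archive_and_prune "$1" "$2"; fi
```

OPTIMIZE TABLE writes a fresh copy of the remaining rows before dropping the old file, so it needs free space for what is kept, and both it and the DELETE lock the table while rsyslog is trying to insert.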

Re: Appliance maintenance

Postby alorbach » Tue Jan 27, 2009 3:20 pm

1. Depends on what information is being logged. If you have firewall logging enabled, and some traffic on this machine, a lot of data can be generated each day. But I am not an rsyslog guru, so I cannot tell you what you should log and what you shouldn't.

2. This is unfortunately not possible yet, but we will work on advanced backup methods within the next versions.

--
best regards,
Andre Lorbach
alorbach
Site Admin
 
Posts: 1627
Joined: Thu Feb 13, 2003 11:55 am

Re: Appliance maintenance

Postby rgerhards » Tue Jan 27, 2009 3:45 pm

umm... I could swear I posted a reply, but maybe I've forgotten to press submit...

On the volume: it is not an rsyslog thing either. As Andre said, it depends on what your systems log. The range is from a couple of hundred messages each day for a lone workstation to a few terabytes of data (really!) in a busy Internet data center. rsyslog processes around 100,000 messages per second, maybe more on sufficiently capable hardware. So I wouldn't base the upper limit of traffic volume on that number ;)

It depends more on how many devices log, and what they log. For example, if you enable debug logging in the devices, even a low-end home environment can see really heavy traffic.

Rainer
rgerhards
Site Admin
 
Posts: 3807
Joined: Thu Feb 13, 2003 11:57 am

Re: Appliance maintenance

Postby mlist » Thu Feb 12, 2009 9:19 am

Hi Andre and Rainer

First of all, I thank you for your kind reply and I apologize for the delay in replying. I think I have understood what you mean about filesystem usage and I think that the problem is that my firewall sends ALL TRAFFIC LOG so... about 10GB of data are created every day.
At this point I think that in order to use your appliance, 2 features are compulsory in the next release:

1) USE LVM
The appliance could use LVM because with the combination of VMware Server and LVM it is very easy to add new "virtual hard disks" and configure them.
All my production servers are configured with LVM because with a few commands (pvcreate, vgextend, lvextend) and VMware Server, in 10 minutes I'm able to expand the filesystem without any alchemies and without any reboot.
2) BACKUP FEATURE
I know that adding features requires time so... although less important than the previous suggestion, I think that a good backup feature should be included as soon as possible.

Thanks
Marco
mlist
Advanced
 
Posts: 27
Joined: Thu Dec 18, 2008 12:15 pm

Re: Appliance maintenance

Postby niraj » Wed Nov 02, 2011 2:50 pm

I was about to say a similar thing. You are absolutely right. I completely agree with you!!!
niraj
New
 
Posts: 1
Joined: Wed Nov 02, 2011 2:45 pm
