Centralized logging for multiple servers

Kon Wilms konfoo at gmail.com
Sat Apr 18 20:16:20 MSD 2009


On Sat, Apr 18, 2009 at 2:22 AM, Gabriel Ramuglia <gabe at vtunnel.com> wrote:
> If I have to do a lot of processing to reduce my log volume, and then
> go back to the raw logs in case I actually needed the data, is there
> really a lot of benefit to using splunk in the first place?

Depends on who your splunk users are and how important the extraneous
data is. If it is tech support staff then it is still invaluable at
being able to give them a mid/high level overview of any outages or
problems with customer accounts (since they may not be able to fix the
underlying problem anyway). If you have hundreds of accounts and
servers offering multiple services, it is a big help. And many times
there is no need to log all the data on the system, e.g. with a lot of
rsync jobs you really don't need the rsync logging output -- only if
the job was successful. Similarly with sync jobs that run every 5
minutes, I don't log success; only failure. The list goes on..

Cheers
Kon





More information about the nginx mailing list