you can setup filters, and logging templates in syslog-ng, so you can split up the the log entries for each host into their own log files. As an example, on our syslog-ng server, we have the logging destination setup as:<br>
file ( "/path/$FULLHOST_FROM/$FULLHOST_FROM-$YEAR-$MONTH-$DAY.log"<br><br>so in the directory structure, all the entries that are received are split up per host per day into separate logs. <br>
<br><br>Mike Devlin<br>Manager of Operations<br><a href="http://boston.com">boston.com</a> <br><br><br><br><div class="gmail_quote">On Fri, May 15, 2009 at 12:29 PM, Mike Sprague <span dir="ltr"><<a href="mailto:mfs@komerex.com">mfs@komerex.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Very rough guess, about 100 million lines/day from both mail and web.<br>
Though they would be broken up into various 'classes'. For example, I<br>
would expect about 10 million lines/day from our outgoing mail servers<br>
and I would want them to be considered separate from our incoming servers.<br>
<br>
Thanks for your input!<br>
<div class="im"><br>
mikeS<br>
<br>
--<br>
Michael F. Sprague<br>
<a href="mailto:mfs@komerex.com">mfs@komerex.com</a><br>
<br>
_______________________________________________<br>
</div><div><div></div><div class="h5">bblisa mailing list<br>
<a href="mailto:bblisa@bblisa.org">bblisa@bblisa.org</a><br>
<a href="http://www.bblisa.org/mailman/listinfo/bblisa" target="_blank">http://www.bblisa.org/mailman/listinfo/bblisa</a><br>
</div></div></blockquote></div><br>