Building a Syslog Server


Guy Noir

Hello.

I am needing some advice. I need to build a syslog server that writes
to a sql backend.
I am concerned about the server not being able to handle multiple
requests. For example on an enterprise network, I may need to handle a
large number of requests. I assume a thread pool will be needed but I'm
wondering what other advice some of you might have?

Thanks in advance.

-A
 
Guy,

You wouldn't need to do this at all. SQL Server is built from the
ground up to handle multiple requests from multiple sources and not worry
about contention.

The only thing you have to worry about is if you are going to issue
multiple statements at the same time, and want them treated as an atomic
action (using a transaction), but that logic is up to you.

Hope this helps.
 
Nicholas, thanks for the reply.

What I am worried about is when the server is handling the inbound udp
message will it miss other incoming messages?

Thanks again
-A
 
Guy,

You shouldn't be worried about SQL Server when it handles incoming
messages. It handles concurrent messages fine on its own.
 
Guy,
you would need to build a multithreaded UDPClient Server (probably a windows
service) to receive the SysLog messages.

I just finished one and I used Ami Bar's "Smart Threadpool" to handle the
thread pooling needs. I'd happily share some code, but I can't under my NDA.
Hope that helps.
Peter
 
Guy Noir said:
Hello.

I am needing some advice. I need to build a syslog server that writes
to a sql backend.
I am concerned about the server not being able to handle multiple
requests. For example on an enterprise network, I may need to handle a
large number of requests. I assume a thread pool will be needed but I'm
wondering what other advice some of you might have?

Thanks in advance.

-A

Rather than reinventing the wheel, you may consider looking at Kiwi Syslog
Daemon. It runs as a Windows service and will log to a number of different
targets, such as text files or ODBC data sources. We're using it on our
network to capture Syslog output from a number of network devices and Unix
servers. We have it configured to log to a SQL Server database. It works
quite well and the price isn't too bad either, about $100, I believe.

http://www.kiwisyslog.com

CVD
 
Excellent idea, I never even thought to mention it.

Although in my case we need to be able to do message / priority / facility
parsing with a rules engine that can forward to another SysLog server, send
an SMS or email message, forward to MSMQ, and log to a SQL Server backend all
at the same time.
Peter

--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com
 
Excellent idea, I never even thought to mention it.
Although in my case we need to be able to do message / priority / facility
parsing with a rules engine that can forward to another SysLog server, send
an SMS or email message, forward to MSMQ, and log to a SQL Server backend all
at the same time.

You can do that with Kiwi Syslog and NotePage's software - they have some info
about it here: http://www.notepage.net/kiwi-syslog/kiwi-syslog.htm

HTH
R. Crane
 
Peter, thanks for the link to Ami Bar's "Smart Threadpool".

I have used kiwi in the past as some have suggested, however I'm trying
to develop a turnkey package. (I have the client piece/service already
written.)

Do you have a suggestion as to the number of threads in the pool vs the
number of simultaneous udp syslog messages being fired at the server?

tia!!

-Aaron
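
Added example (not code from any poster in this thread): the design the thread is discussing, with one receiver that only reads UDP datagrams and queues them and one writer that batches inserts, so a slow database never stalls the socket. It is written in Python with SQLite standing in for SQL Server; the function names, table layout, queue depth and batch size are assumptions.

```python
import queue, socket, sqlite3, threading

def parse_pri(datagram):
    # RFC 3164 header "<PRI>", PRI = facility * 8 + severity, at most 191
    end = datagram.find(b">", 1, 5)
    head = datagram[1:end]
    if datagram[:1] == b"<" and end > 0 and head.isdigit() and int(head) <= 191:
        return (*divmod(int(head), 8), datagram[end + 1:].decode("utf-8", "replace"))
    return 1, 5, datagram.decode("utf-8", "replace")  # missing/bad PRI -> 13 (user.notice)

def open_socket(host="127.0.0.1", port=514):
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 1 << 20)  # absorb bursts in the kernel
    sock.settimeout(0.2)                   # so the receive loop can notice a stop request
    sock.bind((host, port))
    return sock

def write_rows(q, db_path):
    # Single writer: drains the queue in batches, one transaction per batch.
    db = sqlite3.connect(db_path)          # assumption: SQLite stands in for SQL Server
    db.execute("CREATE TABLE IF NOT EXISTS log(src, facility, severity, msg)")
    while True:
        batch = [q.get()]
        while len(batch) < 500 and not q.empty():
            batch.append(q.get_nowait())
        rows = [(src, *parse_pri(data)) for src, data in filter(None, batch)]
        db.executemany("INSERT INTO log VALUES (?, ?, ?, ?)", rows)
        db.commit()
        if None in batch:                  # sentinel: the receiver has stopped
            db.close()
            return

def run_collector(sock, db_path, stopping, depth=10000):
    # Receiver only reads and enqueues; it never waits on the database.
    q, dropped = queue.Queue(maxsize=depth), 0
    writer = threading.Thread(target=write_rows, args=(q, db_path))
    writer.start()
    while True:
        try:
            data, addr = sock.recvfrom(65535)
            q.put_nowait((addr[0], data))
        except socket.timeout:
            if stopping.is_set():          # socket idle and asked to stop
                break
        except queue.Full:
            dropped += 1                   # count the loss instead of blocking recv
    q.put(None)
    writer.join()
    return dropped
```

The value returned by `run_collector` is the number of datagrams discarded because the queue was full, which is the figure to watch when sizing the queue and the batch. Message text and the PRI field come from the network unauthenticated, so they are bounds-checked and passed to the database only as bound parameters.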
 