Thanks for the responses.
I am planning to run complex queries such as when an event changes
drastically. I also plan on generating several types of reports pertaining
to the data. I was wondering if there was a generic but powerful schema for
time series related stuff.
On Sun, Apr 20, 2008 at 5:59 AM, Jan Danielsson <jan.m.danielsson@[EMAIL PROTECTED]> wrote:
> Mag Gam wrote:
> > While reading this article, History tables and event logging --
> > http://www.ibm.com/developerworks/web/library/wa-dbdsgn2.html, I realized I
> > try to do event logging in SQL.
> >
> > My questions are: Is SQL a good tool for event logging? Does anyone have a
> > sample table structure for the most optimal way of event logging? Currently I
> > have 2 tables. 1 table with timestamps, another with event. Can anyone
> > recommend a better way?
>
> It depends on what you want to accomplish in the end. Just storage,
> or do you want to perform "complex" queries?
>
> I store my firewall & sshd authentication attempt logs in a
> PostgreSQL database. And I've written a Python-based web front-end to
> view the data, and pull out statistics and such. I also have a "Generate
> abuse report" link for when there's been a break-in attempt.
>
> Personally, I see no reason to separate timestamps and event entries,
> unless you're getting a lot of events during the same timestamp, and
> want to save some space. But there are other factors to consider: How
> many events do you get per timestamp? How long does an insert into
> a single table vs two tables take?
>
> You should probably try the simplest possible solution first, and see
> if you need to make it more complex as you can gather empirical data on
> how it performs.
>
> --
> Kind regards,
> Jan Danielsson
>
>
>
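Added example, not code from either poster: a single-table event log as the reply suggests, with an hour-over-hour check for the "event changes drastically" case. SQLite through Python's sqlite3 stands in for PostgreSQL; the table and column names, thresholds and sample rows are constructed assumptions.

```python
import sqlite3

# Single table: the timestamp lives on the event row itself.
SCHEMA = """
CREATE TABLE event_log (
    id     INTEGER PRIMARY KEY,
    ts     TEXT NOT NULL,   -- UTC, 'YYYY-MM-DD HH:MM:SS'
    source TEXT NOT NULL,   -- e.g. 'sshd', 'firewall'
    event  TEXT NOT NULL,   -- e.g. 'auth_fail', 'drop'
    detail TEXT             -- free-form, e.g. remote address
);
CREATE INDEX event_log_event_ts ON event_log (event, ts);
"""

def sample_events():
    """Constructed sample: 2, 3 and 12 sshd failures in three consecutive hours."""
    rows = []
    for hour, n in (("10", 2), ("11", 3), ("12", 12)):
        for i in range(n):
            rows.append((f"2008-04-20 {hour}:{i:02d}:00", "sshd", "auth_fail", "192.0.2.10"))
    rows.append(("2008-04-20 12:30:00", "firewall", "drop", "192.0.2.10"))
    return rows

def build_db(rows):
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany(
        "INSERT INTO event_log (ts, source, event, detail) VALUES (?, ?, ?, ?)", rows)
    db.commit()
    return db

def hourly_spikes(db, event, factor=3.0, min_count=5):
    """Hours whose count is >= factor x the preceding hour and >= min_count."""
    rows = db.execute(
        """SELECT CAST(strftime('%s', ts) AS INTEGER) / 3600 AS bucket,
                  MIN(strftime('%Y-%m-%d %H:00', ts)) AS hour,
                  COUNT(*) AS n
           FROM event_log WHERE event = ? GROUP BY bucket ORDER BY bucket""",
        (event,)).fetchall()
    counts = {bucket: n for bucket, _, n in rows}
    spikes = []
    for bucket, hour, n in rows:
        prev = counts.get(bucket - 1, 0)   # an hour with no rows counts as 0
        if n >= max(min_count, factor * prev):
            spikes.append((hour, n, prev))
    return spikes

if __name__ == "__main__":
    for hour, n, prev in hourly_spikes(build_db(sample_events()), "auth_fail"):
        print(f"{hour}: {n} events (previous hour: {prev})")
```

The `min_count` floor keeps a single event after a silent hour from being flagged, since any count is "drastic" relative to zero.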