I have just completed the class Advanced Monitoring with Orion NPM, where we talked a lot about TRAPs and Syslog processing. One of the major drawbacks that was brought to light was the amount of processing that was required in a large environment, and that was related to the processing ability of SQL. Now my thought is, because TRAPs and Syslog follow a known and fixed format, why is it processed like variable data? You have another protocol that uses a known and fixed format that you tried to put in SQL: NetFlow! Once you moved that data out of SQL and onto its own file system, the change was night and day. I would think the same could be done with TRAPs and Syslog.
Much the same as NetFlow has its own file system, TRAPs and Syslog should also have their own file system. This would make processing much quicker and allow for better and faster access to the data.
Thank you for the time.