Setting up centralized logging

Mon Feb 16 13:26:08 UTC 2009

I though I'd give swatch a try, but can't seem to find it in the
repository. Does swatch exist in any official RHEL 5.x repos?

On 1/14/09, De Vries, Timothy <Timothy.DeVries at bmo.com> wrote:
>
> Hi,
>
> Rsyslog is an option and is included in RHEL 5.2 as an RPM.  I like it
> because it allows you to post the priority.facility (PRI) values in the
> syslog messages which make it easier to filter for 'interesting' messages
> via a centralized server running swatch.  Syslog-ng may also do this but
> I've not used it.
>
> Thanks,
> Tim
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com]On Behalf Of Kenneth Holter
> Sent: Wednesday, January 14, 2009 9:42 AM
> To: redhat-list at redhat.com
> Subject: Setting up centralized logging
>
>
> Hello list.
>
>
> We're planning on setting up centralized logging for our RHEL systems, and
> have to decide on applications to use for collecting logs and analyzing
> them.
> Most of our systems are running RHEL, so we're looking for software that is
> supported on this platform.
>
> The first issue would be to decide on which syslog implementation to use,
> and "syslog-ng" seems to be very popular. Will this be included in EPEL or
> such in near future?
> Are there better options than syslog-ng?
>
> After collecting the syslog data, we'll need to analyze them. Swatch and
> SEC
> are two options, as well as logwatch. The latter doesn't monitor in real
> time, so I guess this one is out of the picture. Feedback on Swatch and
> SEC,
> as well as other good options, is appreciated.
>
> Lastly, we'll have to decide on how to set up the architecture, such as
> relay architecture or single central loghost. Does anyone know of good
> documentation that discusses this issue?
>
>
> Regards,
> Kenneth Holter
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
>
>
> This e-mail and any attachments may contain
> confidential and privileged information. If you are
> not the intended recipient, please notify the sender
> immediately by return e-mail, delete this e-mail
> and destroy any copies. Any dissemination or use
> of this information by a person other than the
> intended recipient is unauthorized and may be
> illegal. Unless otherwise stated, opinions expressed
> in this e-mail are those of the author and are not
> endorsed by the author's employer.
>
> Le présent message, ainsi que tout fichier qui y est
> joint, est envoyé à l'intention exclusive de son ou
> de ses destinataires; il est de nature confidentielle
> et peut constituer une information privilégiée. Nous
> avertissons toute personne autre que le destinataire
> prévu que tout examen, réacheminement, impression, copie,
> distribution ou autre utilisation de ce message et de
> tout fichier qui y est joint est strictement interdit.
> Si vous n'êtes pas le destinataire prévu, veuillez en
> aviser immédiatement l'expéditeur par retour de courriel
> et supprimer ce message et tout  document joint de votre système.
> Sauf indication contraire, les opinions exprimées dans le présent
> message sont celles de l'auteur et ne sont pas avalisées par
> l'employeur de l'auteur.
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>