Setting up centralized logging

De Vries, Timothy Timothy.DeVries at
Wed Jan 14 14:50:13 UTC 2009


Rsyslog is an option and is included in RHEL 5.2 as an RPM.  I like it because it allows you to post the priority.facility (PRI) values in the syslog messages which make it easier to filter for 'interesting' messages via a centralized server running swatch.  Syslog-ng may also do this but I've not used it.

-----Original Message-----
From: redhat-list-bounces at
[mailto:redhat-list-bounces at]On Behalf Of Kenneth Holter
Sent: Wednesday, January 14, 2009 9:42 AM
To: redhat-list at
Subject: Setting up centralized logging

Hello list.

We're planning on setting up centralized logging for our RHEL systems, and
have to decide on applications to use for collecting logs and analyzing
Most of our systems are running RHEL, so we're looking for software that is
supported on this platform.

The first issue would be to decide on which syslog implementation to use,
and "syslog-ng" seems to be very popular. Will this be included in EPEL or
such in the near future?
Are there better options than syslog-ng?

After collecting the syslog data, we'll need to analyze them. Swatch and SEC
are two options, as well as logwatch. The latter doesn't monitor in real
time, so I guess this one is out of the picture. Feedback on Swatch and SEC,
as well as other good options, is appreciated.

Lastly, we'll have to decide on how to set up the architecture, such as
relay architecture or single central loghost. Does anyone know of good
documentation that discusses this issue?

Kenneth Holter
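
The PRI-based filtering mentioned in the reply, as an added example (not part of the original thread, and not rsyslog or swatch code). It assumes the central server stores each message with its `<PRI>` value prepended; the policy thresholds and sample lines are constructed.

```python
import re

# Facility and severity keywords indexed by numeric code (RFC 3164, section 4.1.1).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$")

# Hypothetical policy: err or worse from any facility, notice or worse from auth*.
DEFAULT_LEVEL = SEVERITIES.index("err")
FACILITY_LEVEL = {"auth": SEVERITIES.index("notice"),
                  "authpriv": SEVERITIES.index("notice")}


def decode_pri(line):
    """Split '<PRI>rest' into (facility, severity, rest); None if PRI is invalid."""
    match = PRI_RE.match(line)
    if not match:
        return None
    facility, severity = divmod(int(match.group(1)), 8)  # PRI = facility * 8 + severity
    if facility >= len(FACILITIES):
        return None
    return FACILITIES[facility], SEVERITIES[severity], match.group(2)


def is_interesting(line):
    """True if the line meets the policy; unparseable lines are kept for review."""
    decoded = decode_pri(line)
    if decoded is None:
        return True
    facility, severity, _ = decoded
    threshold = FACILITY_LEVEL.get(facility, DEFAULT_LEVEL)
    return SEVERITIES.index(severity) <= threshold


# Constructed sample lines, as a central server might store them with PRI prepended.
SAMPLE = [
    "<85>Jan 14 09:41:07 web01 sudo: deploy : 3 incorrect password attempts",
    "<86>Jan 14 09:41:09 web01 sshd[2211]: Accepted publickey for deploy",
    "<30>Jan 14 09:42:00 db01 dhclient: bound to 192.0.2.15",
    "<3>Jan 14 09:43:10 db01 kernel: EXT3-fs error (device sda1)",
    "<999>Jan 14 09:44:00 db01 bogus: PRI out of range",
]

if __name__ == "__main__":
    for line in SAMPLE:
        if is_interesting(line):
            print(line)
```

The PRI value is supplied by the sending host, so a filter like this ranks messages for attention and does not authenticate them.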