Setting up centralized logging

Romeo Theriault romeotheriault at
Thu Jan 15 14:44:18 UTC 2009

I've been using swatch now for about 1 year. It's been really great. It
hasn't died on my  once and has caught all things I've asked it to. I have
it sending me emails and sms messages, based on the severity of the log

On Wed, Jan 14, 2009 at 9:42 AM, Kenneth Holter <kenneho.ndu at>wrote:

> Hello list.
> We're planning on setting up centralized logging for our RHEL systems, and
> have to decide on applications to use for collecting logs and analyzing
> them.
> Most of our systems are running RHEL, so we're looking for software that is
> supported on this platform.
> The first issue would be to decide on which syslog implementation to use,
> and "syslog-ng" seems to be very popular. Will this be included in EPEL or
> such in near future?
> Are there better options than syslog-ng?
> After collecting the syslog data, we'll need to analyze them. Swatch and
> are two options, as well as logwatch. The latter doesn't monitor in real
> time, so I guess this one is out of the picture. Feedback on Swatch and
> SEC,
> as well as other good options, is appreciated.
> Lastly, we'll have to decide on how to set up the architecture, such as
> relay architecture or single central loghost. Does anyone know of good
> documentation that discusses this issue?
> Regards,
> Kenneth Holter
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at

Romeo Theriault

More information about the redhat-list mailing list