[Linux-disciples] Syslogging
Stephen R Laniel
steve at laniels.org
Thu Feb 9 21:23:15 EST 2006
Word to the wise: syslog (package sysklogd) appears
to be insufficient for anything beyond basic syslogging.

At work, we want to centralize all of our syslogs in one
central machine, and for right now we're even just trying to
get the syslogs from one Barracuda appliance to reside on
another machine so that we can grep through it and don't
need to use the sub-par tools available on the Barracuda. So
we need remote logging abilities. The standard syslog does
that, via the '-r' option. But then we want to pull the logs
for 10.1.1.37 off into their own file. We could do that via
post-processing on /var/log/syslog, but for a few obvious
reasons I think it would be better to have the syslogger
itself do this. The standard syslog only allows you to
separate logs by facility and urgency, not by incoming IP
address.

The alternatives appear to be metalog and syslog-ng, among
presumably many others. Metalog doesn't allow remote
logging, though it does allow PCRE filtering of syslogs.
Syslog-ng appears to be the only variant that allows both
filtering and remote logging, so it's the only one that
works for us. Syslog-ng's syntax is reminiscent of BIND's.

If anyone else has experience in these issues, I'd love to
hear.
--
Stephen R. Laniel
steve at laniels.org
Cell: +(617) 308-5571
http://laniels.org/
PGP key: http://laniels.org/slaniel.key
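
A syslog-ng configuration for the setup described in the message above, as an added example that is not part of the original post: it accepts remote syslog over UDP and writes messages from 10.1.1.37 to their own file, then generalises to one file per sending address. The object names, listening address and file paths are assumptions, and recent syslog-ng releases also expect an `@version:` line at the top of the file.

```conf
# Added example; the names (s_remote, f_barracuda, ...) and the paths
# under /var/log/remote are assumptions, not taken from the post.

# Accept syslog from the network (the counterpart of sysklogd's -r).
# UDP syslog is unauthenticated and 0.0.0.0 listens on every interface:
# set ip() to the internal address and limit port 514 at the firewall
# to the hosts that are expected to log here.
source s_remote {
    udp(ip(0.0.0.0) port(514));
};

# Select on the sender's IP address instead of facility or priority.
filter f_barracuda {
    netmask("10.1.1.37/32");
};

destination d_barracuda {
    file("/var/log/remote/barracuda.log" create_dirs(yes));
};

# Generalisation for a central log host: one file per sending address.
destination d_per_host {
    file("/var/log/remote/${SOURCEIP}.log" create_dirs(yes));
};

# Messages from the Barracuda go to their own file; flags(final) keeps
# them from also matching the log statement below.
log {
    source(s_remote);
    filter(f_barracuda);
    destination(d_barracuda);
    flags(final);
};

# Everything else received from the network is split by sender.
log {
    source(s_remote);
    destination(d_per_host);
};
```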