which syslog??? (rsyslog? syslog-ng? or default?)
Ggatten at waddell.com
Fri Jan 7 21:55:03 UTC 2011
After a bit of research I picked rsyslog. Actually, my syslog servers "had" to be RHEL, so I have all my logs going to 2 servers; one runs rsyslog and the other the syslogd that shipped with RHEL. They have different retention policies, one keeps about 30 days of logs online, the other about 90 days.
Rsyslog has some cool features that may come in handy for a centralized logging environment. I don't use many (any?) of them right now, but it's nice to know they're there. Depending on your environment you may want to check it out. It's really handy if you can replace your sending hosts syslogd with rsyslogd - if the central log server fails it will buffer log entries locally and then ship them when the server comes back up. Also supports tcp based syslog and a couple other "lossless" protocols. I have mostly Ci$co gear logging here so can't really replace their logging daemon!
From: owner-freebsd-questions at freebsd.org [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Aleksandr Miroslav
Sent: Friday, January 07, 2011 3:09 PM
To: freebsd-questions at freebsd.org
Subject: which syslog??? (rsyslog? syslog-ng? or default?)
I have some boxes (about 40) that I was tasked with creating a
centralized logging infrastructure for. I see in ports that we have
several different versions of rsyslog, and syslog-ng.
Is there any reason to use one or the other? Or should I just use the
syslog that come with the base OS?
freebsd-questions at freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
More information about the freebsd-questions