Hi, Rsyslog is an option and is included in RHEL 5.2 as an RPM. I like it because it allows you to post the priority.facility (PRI) values in the syslog messages which make it easier to filter for 'interesting' messages via a centralized server running swatch. Syslog-ng may also do this but I've not used it. Thanks, Tim -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx]On Behalf Of Kenneth Holter Sent: Wednesday, January 14, 2009 9:42 AM To: redhat-list@xxxxxxxxxx Subject: Setting up centralized logging Hello list. We're planning on setting up centralized logging for our RHEL systems, and have to decide on applications to use for collecting logs and analyzing them. Most of our systems are running RHEL, so we're looking for software that is supported on this platform. The first issue would be to decide on which syslog implementation to use, and "syslog-ng" seems to be very popular. Will this be included in EPEL or such in near future? Are there better options than syslog-ng? After collecting the syslog data, we'll need to analyze them. Swatch and SEC are two options, as well as logwatch. The latter doesn't monitor in real time, so I guess this one is out of the picture. Feedback on Swatch and SEC, as well as other good options, is appreciated. Lastly, we'll have to decide on how to set up the architecture, such as relay architecture or single central loghost. Does anyone know of good documentation that discusses this issue? Regards, Kenneth Holter -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. Unless otherwise stated, opinions expressed in this e-mail are those of the author and are not endorsed by the author's employer. Le présent message, ainsi que tout fichier qui y est joint, est envoyé à l'intention exclusive de son ou de ses destinataires; il est de nature confidentielle et peut constituer une information privilégiée. Nous avertissons toute personne autre que le destinataire prévu que tout examen, réacheminement, impression, copie, distribution ou autre utilisation de ce message et de tout fichier qui y est joint est strictement interdit. Si vous n'êtes pas le destinataire prévu, veuillez en aviser immédiatement l'expéditeur par retour de courriel et supprimer ce message et tout document joint de votre système. Sauf indication contraire, les opinions exprimées dans le présent message sont celles de l’auteur et ne sont pas avalisées par l’employeur de l’auteur.
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
