Re: Setting up centralized logging

Kenneth,

>Date: Wed, 14 Jan 2009 15:42:22 +0100
>From: "Kenneth Holter" <kenneho.ndu@xxxxxxxxx>  
>
>We're planning on setting up centralized logging for our RHEL systems, and
>have to decide on applications to use for collecting logs and analyzing
>them.
>Most of our systems are running RHEL, so we're looking for software that is
>supported on this platform.
>
>The first issue would be to decide on which syslog implementation to use,
>and "syslog-ng" seems to be very popular. Will this be included in EPEL or
>such in near future?
>Are there better options than syslog-ng?

How *very* odd - at work, last week, we were just deciding on this, and setting it up. Anyway, my manager decided on syslog-ng, which has been around a long time, although I understand that rsyslog is coming in as the standard with CentOS.

What we did was to set up one syslog server with syslog-ng. All the other servers were left with the stock syslog, which does allow you to specify that a copy of the log should also be sent to a remote server.

For example, in the /etc/syslog.conf, for the std. syslog, you add:
*.info;mail.none;authpriv.info;cron.none;kern.debug;daemon.err @<syslog server name>

Then, on the syslog server, as I said, we put in syslog-ng. In its configuration file, I separated remote servers (and tcp and udp incoming logs), and then set up filters and destinations in <path>/<hostname><YYYYMMDD>/<logs>

Setting up filters turned out to be incredibly easy. One post I found very helpful was
<https://lists.balabit.hu/pipermail/syslog-ng/2007-May/010176.html>
In my case, I used facility(secure) and match(strings I wanted), and dumped them in separate destinations.

>
>After collecting the syslog data, we'll need to analyze them. Swatch and SEC
>are two options, as well as logwatch. The latter doesn't monitor in real
>time, so I guess this one is out of the picture. Feedback on Swatch and SEC,
>as well as other good options, is appreciated.
<snip>
Let us know how it goes. I'd be interested in knowing what you use.

      mark
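
Added example (not Mark's or Kenneth's actual file): a syslog-ng server configuration in the shape described in the reply above, with per-host, per-day directories and a separate destination for the filtered lines. It assumes syslog-ng 3.x syntax, /var/log/remote as the base directory, and that the clients' sensitive logs arrive on the authpriv facility (what the stock RHEL syslog writes to /var/log/secure); the "Failed password" pattern is a constructed match string.

```conf
# syslog-ng.conf (server side) -- added example, not the original poster's file.
# Assumes syslog-ng 3.x syntax and /var/log/remote as the base directory.
@version: 3.0

options {
    keep_hostname(yes);   # trust the hostname the client put in the message...
    use_dns(no);          # ...instead of resolving the peer address on every line
    chain_hostnames(no);
    create_dirs(yes);     # make the <hostname><YYYYMMDD> directories on demand
    dir_perm(0750);
    perm(0640);           # remote logs are sensitive; keep them root/adm readable
};

# Accept clients over UDP (what the stock syslogd's "@server" line sends) and TCP.
source s_udp { udp(ip(0.0.0.0) port(514)); };
source s_tcp { tcp(ip(0.0.0.0) port(514)); };

# Everything from every client: <path>/<hostname><YYYYMMDD>/messages
destination d_all {
    file("/var/log/remote/${HOST}${YEAR}${MONTH}${DAY}/messages");
};

# Only the authpriv facility (RHEL's /var/log/secure content) in its own file
destination d_secure {
    file("/var/log/remote/${HOST}${YEAR}${MONTH}${DAY}/secure");
};

# Matched lines from all hosts collected in one place for the analysis tool
destination d_sshfail {
    file("/var/log/remote/sshfail-${YEAR}${MONTH}${DAY}.log");
};

filter f_secure  { facility(authpriv); };
# "Failed password" is a constructed pattern; replace with the strings you care about
filter f_sshfail { facility(authpriv) and match("Failed password" value("MESSAGE")); };

log { source(s_udp); source(s_tcp); destination(d_all); };
log { source(s_udp); source(s_tcp); filter(f_secure);  destination(d_secure); };
log { source(s_udp); source(s_tcp); filter(f_sshfail); destination(d_sshfail); };
```

Because the UDP source accepts whatever arrives on port 514, restrict that port to the client subnet in the server's firewall so the per-host directories only reflect hosts you actually manage.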

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
