From owner-freebsd-questions@FreeBSD.ORG Fri Jan 7 21:55:03 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 65D231065675 for ; Fri, 7 Jan 2011 21:55:03 +0000 (UTC) (envelope-from Ggatten@waddell.com) Received: from mailhost0.waddell.com (mailhost0.waddell.com [12.154.38.61]) by mx1.freebsd.org (Postfix) with ESMTP id 243378FC1E for ; Fri, 7 Jan 2011 21:55:02 +0000 (UTC) Received: from emlpfilt2.waddell.com (emlpfilt2.waddell.com [10.1.10.30]) by mailhost0.waddell.com (Postfix) with ESMTP id 8C15250995; Fri, 7 Jan 2011 15:54:52 -0600 (CST) Received: from emlpfilt2.waddell.com (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 859372F8002; Fri, 7 Jan 2011 15:54:52 -0600 (CST) Received: from WADPHTCAS0.waddell.com (wadphtcas0.waddell.com [192.168.203.229]) by emlpfilt2.waddell.com (Postfix) with ESMTP id 7F19C2F8001; Fri, 7 Jan 2011 15:54:52 -0600 (CST) Received: from WADPMBXV0.waddell.com ([169.254.1.151]) by WADPHTCAS0.waddell.com ([192.168.203.229]) with mapi; Fri, 7 Jan 2011 15:54:52 -0600 From: Gary Gatten To: 'Aleksandr Miroslav' , "freebsd-questions@freebsd.org" Date: Fri, 7 Jan 2011 15:54:51 -0600 Thread-Topic: which syslog??? (rsyslog? syslog-ng? or default?) Thread-Index: Acuus14CyUdL7KMmSuauckAAIQoT5QAATK4w Message-ID: <14952_1294437292_4D278BAC_14952_171_1_D9B37353831173459FDAA836D3B43499A7AF90FE@WADPMBXV0.waddell.com> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: Subject: RE: which syslog??? (rsyslog? syslog-ng? or default?) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Jan 2011 21:55:03 -0000 After a bit of research I picked rsyslog. Actually, my syslog servers "had= " to be RHEL, so I have all my logs going to 2 servers; one runs rsyslog an= d the other the syslogd that shipped with RHEL. They have different retent= ion policies, one keeps about 30 days of logs online, the other about 90 da= ys. Rsyslog has some cool features that may come in handy for a centralized log= ging environment. I don't use many (any?) of them right now, but it's nice= to know they're there. Depending on your environment you may want to chec= k it out. It's really handy if you can replace your sending hosts syslogd = with rsyslogd - if the central log server fails it will buffer log entries= locally and then ship them when the server comes back up. Also supports t= cp based syslog and a couple other "lossless" protocols. I have mostly Ci$= co gear logging here so can't really replace their logging daemon! HTH G -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@f= reebsd.org] On Behalf Of Aleksandr Miroslav Sent: Friday, January 07, 2011 3:09 PM To: freebsd-questions@freebsd.org Subject: which syslog??? (rsyslog? syslog-ng? or default?) I have some boxes (about 40) that I was tasked with creating a centralized logging infrastructure for. I see in ports that we have several different versions of rsyslog, and syslog-ng. Is there any reason to use one or the other? Or should I just use the syslog that come with the base OS? thanks, Alex _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
"This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system."