Martin wrote: > I know that it uses udp so the reliability part must be somewhere in > the application (that is for standard syslog). According to > http://www.balabit.com/network-security/syslog-ng/features/ syslog-ng > supports sending messages over TCP so that would solve the problem but > I remember that "drop in replacement" wasn't quite true for syslog-ng, > I may be wrong.
To do basically the same thing as syslog, apt-get install syslog-ng will work just fine. If you want to change the protocol it uses to TCP, or increase the default buffer size(syslog-ng will buffer log events if the remote server is down and transmit them when it returns) then you need further config, though it's pretty simple. I've been using syslog-ng exclusively for several years now without much issue. Can't imagine a reason to use the original syslog anymore. Though another project rsyslog seems to have popped up recently(at least as far as I'm concerned), haven't spent any time looking at it though. > If anyone has a couple of good links to throw at my boss so that I can > back up the pro's of centralized logging with hard facts (con's are > also welcome) I'd be greatful, I'd say show him the flash videos on www.splunk.com nate -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
