After a bit of research I picked rsyslog. Actually, my syslog servers "had" to be RHEL, so I have all my logs going to 2 servers; one runs rsyslog and the other the syslogd that shipped with RHEL. They have different retention policies, one keeps about 30 days of logs online, the other about 90 days.
Rsyslog has some cool features that may come in handy for a centralized logging environment. I don't use many (any?) of them right now, but it's nice to know they're there. Depending on your environment you may want to check it out. It's really handy if you can replace your sending hosts syslogd with rsyslogd - if the central log server fails it will buffer log entries locally and then ship them when the server comes back up. Also supports tcp based syslog and a couple other "lossless" protocols. I have mostly Ci$co gear logging here so can't really replace their logging daemon! HTH G -----Original Message----- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Aleksandr Miroslav Sent: Friday, January 07, 2011 3:09 PM To: freebsd-questions@freebsd.org Subject: which syslog??? (rsyslog? syslog-ng? or default?) I have some boxes (about 40) that I was tasked with creating a centralized logging infrastructure for. I see in ports that we have several different versions of rsyslog, and syslog-ng. Is there any reason to use one or the other? Or should I just use the syslog that come with the base OS? thanks, Alex _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
