On Tue, Feb 19, 2008 at 09:42:43PM -0700, Steve B wrote: | My employer has given me some free colo space and I thought I would take | advantage of it to do remote system logging. Those of you here who are doing | it, could you comment on whether you are using Syslog-NG or something else, | and whether you are doing it over SSH or IPSEC? I have looked at various | articles around the net but would like some first hand comments.
I use syslog-ng and stunnel, almost trivial to setup. Scenario looks something like this: 1. message arrives in syslog and is logged to a local file 2. additionally, all messages are also sent to a "remote" server 3. "remote server" is actually stunnel in listening on the loopback 4. stunnel wraps up and forwards message to remote server 5. remote server stunnel receives packet and decrypts it 6. stunnel forwards decrypted packets (ie. message) to syslog-ng 7. syslog-ng on the server splits logs up according to host, date, etc. This setup has worked for me quite well. In my last job, I had around 25 different machines all logging to a single host via syslog-ng over stunnel. Load on the hosts, even the logging server, was negligable. The config itself is really easy. Work on it a while and see how you do. If you still are stuck, I might be convinced to provide an example. peace. ryanc
