You need to look into these:

- Will you be overwriting your syslog file or creating one huge file and appending?
- Check disk space available.
- OS does not matter.
- How would you like your syslogged files to be organised? There are various options: by IP, time, date etc.
- What are you syslogging? Which equipment/s? If you understand the Syslog messages, then close this email, else compile a list of Syslog messages and their interpretation. Go to last step.
- Last but not least, have a smart SNMP tool. Syslog is one way to help diagnose. Have the SNMP send you a wireless message/page/beep/email when you are partying on Saturday night.

PS - What is your role in the company? If you are a Sys Admin, you better get moving pronto on this before someone (like me ;-) ) notices the absence of such basic things. AND please don't ask anyone in your Network group about which OS to use for Syslog - Friend on the Internet is a friend indeed :-)

Pradeep

-----Original Message-----
From: Gonçalo Gomes [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 19, 2001 11:22 AM
To: leon
Cc: [EMAIL PROTECTED]
Subject: Re: Syslog OS Question

On Fri, 16 Nov 2001, leon wrote:

> Hi,
>
> I am about to set up a sys-log server on a production network and I was
> wondering if anyone had any suggestions as to why one OS might be better
> than another (for example why someone would choose Debian over Redhat or
> Solaris over BSD). I would like to stick to Unix or Linux based OS's
> if possible.
>
> Thanks in advance,
>
> Leon

Hello leon,

I see no problems on using any of the above mentioned systems if they're secured enough. Some of the rules one might need to follow are restricting services. I'd suggest, if the server will be dedicated to craft logs from other syslogs, IDS's, firewall, routers, etc., to be firewalled. In case of Linux, iptables/ipchains would be sufficient: only allow UDP streams on port 514 coming from trusted machines.

Besides, I didn't fully understand what you meant by comparison of the above systems. If their own purpose is logging, they work almost likely the same. Also you might like to check out the archive of the mailing list [EMAIL PROTECTED], and check sans.org; there are some interesting documents concerning how to build a bastion host.

Best regards,
-Gonçalo.
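
The firewall rule suggested in the thread (UDP port 514 accepted only from trusted machines), as an added example that is not part of any of the messages above. It generates an iptables-restore ruleset from a list of sender addresses; the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Sender addresses are constructed (RFC 5737 documentation ranges).

# valid_source ADDR[/PREFIX]: succeed only for a plain IPv4 address or CIDR block,
# so nothing but an address can end up inside a generated rule.
valid_source() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *.) return 1 ;; esac   # a trailing dot would be lost in the split
    oldifs=$IFS; IFS=.
    set -f; set -- $addr; set +f         # split into octets without globbing
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_rules SRC...: print a default-deny INPUT ruleset for a dedicated
# syslog collector that accepts 514/udp only from the listed senders.
emit_rules() {
    [ $# -gt 0 ] || { echo "no trusted senders given" >&2; return 1; }
    for src in "$@"; do
        valid_source "$src" || { echo "rejecting source: $src" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in "$@"; do
        echo "-A INPUT -p udp -s $src --dport 514 -j ACCEPT"
    done
    # Record (rate-limited) syslog traffic from senders that are not on the list.
    echo "-A INPUT -p udp --dport 514 -m limit --limit 6/min -j LOG --log-prefix \"syslog-untrusted: \""
    echo "COMMIT"
}

# Constructed sample: one router and one subnet of firewalls/IDS sensors.
emit_rules 192.0.2.10 198.51.100.0/24
```

Add a rule for your own administrative access before loading the output with `iptables-restore`, since the INPUT policy here drops everything not listed. Source filtering on UDP only narrows who can reach the collector; UDP source addresses can be spoofed by hosts on a path that does not filter them.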
