[TriLUG] centralized logging

[Josh Johnson]

I want to collect various server logs into a centralized place. What's  
the best way to do this? What should I keep in mind when migrating to  
a centralized logging infrastructure?

I've been looking at syslog-ng and rsyslogd. I've got a combination of  
RHEL 5 and Ubuntu machines.

The primary reason why I need this is because I've got SAN hardware  
that will send syslog messages over the SAN network when drives are  
getting close to failure or have failed (the docs say I can get a  
fairly early warning).

I'm also going to deploy some web applications that generate lots of  
logs and will need to be periodically checked to extract usage  
statistics and diagnose usability issues.

Thanks,
JJ