[TriLUG] centralized logging

Jason Watts jsnonzzr at gmail.com
Wed Jan 13 09:34:53 EST 2010


my company offers an aggregated log service that I am not going to pitch to
you.  What I have learnt from this, is that log data can get very over
whelming, even when you have software designed specifically for making it
easy.  If you decide to pay for a service or software that is specifically
designed to collect, aggregate, and present it to you in a need order, stay
away from the offerings of eIQ.  they promise a lot, but are not able to
deliver it as nicely as the promise.

hope I was able to provide some insight.

On Wed, Jan 13, 2010 at 9:22 AM, Josh Johnson <josh_johnson at unc.edu> wrote:

> I want to collect various server logs into a centralized place. What's the
> best way to do this? What should I keep in mind when migrating to a
> centralized logging infrastructure?
> I've been looking at syslog-ng and rsyslogd. I've got a combination of RHEL
> 5 and Ubuntu machines.
> The primary reason why I need this is because I've got SAN hardware that
> will send syslog messages over the SAN network when drives are getting close
> to failure or have failed (the docs say I can get a fairly early warning).
> I'm also going to deploy some web applications that generate lots of logs
> and will need to be periodically checked to extract usage statistics and
> diagnose usability issues.
> Thanks,
> JJ
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions

More information about the TriLUG mailing list