[TriLUG] centralized logging
jsnonzzr at gmail.com
Wed Jan 13 09:34:53 EST 2010
my company offers an aggregated log service that I am not going to pitch to
you. What I have learnt from this, is that log data can get very over
whelming, even when you have software designed specifically for making it
easy. If you decide to pay for a service or software that is specifically
designed to collect, aggregate, and present it to you in a need order, stay
away from the offerings of eIQ. they promise a lot, but are not able to
deliver it as nicely as the promise.
hope I was able to provide some insight.
On Wed, Jan 13, 2010 at 9:22 AM, Josh Johnson <josh_johnson at unc.edu> wrote:
> I want to collect various server logs into a centralized place. What's the
> best way to do this? What should I keep in mind when migrating to a
> centralized logging infrastructure?
> I've been looking at syslog-ng and rsyslogd. I've got a combination of RHEL
> 5 and Ubuntu machines.
> The primary reason why I need this is because I've got SAN hardware that
> will send syslog messages over the SAN network when drives are getting close
> to failure or have failed (the docs say I can get a fairly early warning).
> I'm also going to deploy some web applications that generate lots of logs
> and will need to be periodically checked to extract usage statistics and
> diagnose usability issues.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
More information about the TriLUG