[TriLUG] TriLUG Digest, Vol 941, Issue 1

David Matusiak dave at matusiak.org
Wed Jan 13 12:04:37 EST 2010


Josh,

My recommendation is to try out Splunk.  http://www.splunk.com/

If you would like to spend a lot more money than that, then please
contact me off-list.  Thanks!
David M.


On Wed, Jan 13, 2010 at 12:00 PM,  <trilug-request at trilug.org> wrote:

> Message: 1
> Date: Wed, 13 Jan 2010 09:22:24 -0500
> From: Josh Johnson <josh_johnson>
> Subject: [TriLUG] centralized logging
>
> I want to collect various server logs into a centralized place. What's
> the best way to do this? What should I keep in mind when migrating to
> a centralized logging infrastructure?
>
> I've been looking at syslog-ng and rsyslogd. I've got a combination of
> RHEL 5 and Ubuntu machines.
>
> The primary reason why I need this is because I've got SAN hardware
> that will send syslog messages over the SAN network when drives are
> getting close to failure or have failed (the docs say I can get a
> fairly early warning).
>
> I'm also going to deploy some web applications that generate lots of
> logs and will need to be periodically checked to extract usage
> statistics and diagnose usability issues.
>
> Thanks,
> JJ


