[TriLUG] centralized logging
Paul G. Szabady
paul at thyservice.com
Wed Jan 13 22:34:19 EST 2010
Josh,
We use a combo of your standard syslog (soon to be syslog-ng) and splunk
(http://www.splunk.com/). The latter is great for giving different
groups of people (ie: sysadmin, developers, managers) access to certain
logs, tracking issues through complex load balanced systems, pretty
reports for manager types, etc. They even have (or had recently) a
fully functionally download for free. Of course, the licensing is based
on the amount of data you gather, so the freebie version is/was limited
by the amount of data and your retention policy, etc.
--
Paul
@ Thy Service
Josh Johnson wrote:
> I want to collect various server logs into a centralized place. What's
> the best way to do this? What should I keep in mind when migrating to
> a centralized logging infrastructure?
>
> I've been looking at syslog-ng and rsyslogd. I've got a combination of
> RHEL 5 and Ubuntu machines.
>
> The primary reason why I need this is because I've got SAN hardware
> that will send syslog messages over the SAN network when drives are
> getting close to failure or have failed (the docs say I can get a
> fairly early warning).
>
> I'm also going to deploy some web applications that generate lots of
> logs and will need to be periodically checked to extract usage
> statistics and diagnose usability issues.
>
> Thanks,
> JJ
> --
> TriLUG mailing list :
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
More information about the TriLUG
mailing list