[TriLUG] centralized logging

Paul G. Szabady paul at thyservice.com
Wed Jan 13 22:34:19 EST 2010


We use a combo of your standard syslog (soon to be syslog-ng) and Splunk 
(http://www.splunk.com/).  The latter is great for giving different 
groups of people (i.e., sysadmins, developers, managers) access to certain 
logs, tracking issues through complex load-balanced systems, pretty 
reports for manager types, etc.  They even have (or had recently) a 
fully functional download for free.  Of course, the licensing is based 
on the amount of data you gather, so the freebie version is/was limited 
by the amount of data and your retention policy, etc.

@ Thy Service

Josh Johnson wrote:
> I want to collect various server logs into a centralized place. What's 
> the best way to do this? What should I keep in mind when migrating to 
> a centralized logging infrastructure?
> I've been looking at syslog-ng and rsyslogd. I've got a combination of 
> RHEL 5 and Ubuntu machines.
> The primary reason why I need this is because I've got SAN hardware 
> that will send syslog messages over the SAN network when drives are 
> getting close to failure or have failed (the docs say I can get a 
> fairly early warning).
> I'm also going to deploy some web applications that generate lots of 
> logs and will need to be periodically checked to extract usage 
> statistics and diagnose usability issues.
> Thanks,
> JJ
