How many of you do centralized syslog-ing?

Posted by quad3datwork, 05-21-2010, 06:18 PM
If so, how does it help you? Helps in what way?

Posted by madaboutlinux, 05-22-2010, 05:56 AM
I don't think even 1% of the people would be doing that. It mostly helps in a situation where your servers are hacked and you can still refer to all the logs to figure out what went wrong and rectify things.

Posted by huwnet, 05-22-2010, 06:51 AM
If done correctly it could help you be far more proactive about fixing errors as they happen.

Posted by quad3datwork, 05-23-2010, 08:56 PM
You are absolutely right. I found an Exim mail problem and fixed it yesterday. I'm using rsyslog+phplogcon.

Posted by helpyoulinux, 05-24-2010, 11:48 AM
Give Splunk a try. It is best for centralized logging.

Posted by LiquidWebBenny, 05-24-2010, 12:19 PM
We use syslog-ng all over the place, and find it incredibly helpful. In my opinion, you should use centralized logging anytime you want to. It's typically simple to set up, and terrifically helpful. If you wait to do it until you need it, you're far more likely to wish you hadn't. We use centralized logging on all of our clusters, and all of our shared servers, and anywhere else it might be helpful. The sooner you start, the easier it will be to implement, too, as you can just make it part of what you do when you get a new server.

Posted by huwnet, 05-24-2010, 12:53 PM
I've been following rsyslog a bit ever since it became the new default in Fedora and some other distros. Sadly I feel the documentation is lacking a little, which is a shame. If they sorted this and made their site a little less cluttered I think they'd increase their userbase a fair bit. I've never tried this myself although it seems very impressive from the website. It'd be nice to see rsyslog become more like this in the future. Out of interest, are you logging centrally to text files or to a database? MySQL logging was one of the good points I liked about rsyslog. It seems this is possible with syslog-ng as well although it doesn't seem to be a core feature so I'm not sure how reliable it would be?

Posted by quad3datwork, 05-24-2010, 12:59 PM
I believe 95% of the people never ever will mess with syslog config. Personally, I added some LOCAL* entries to rsyslog and enabled remote logging, which is the same syntax as syslog. I don't recall the reason I started using rsyslog; I think it was because it used fewer resources overall. I used Splunk a couple of years ago. It is impressive. The search utility is utterly badass. However, I'm fighting over the thought of introducing another app to maintain and the additional system resources it uses. So I think I'll stick with rsyslog+MySQL+phplogcon for now. Thanks!

Posted by lockbull, 05-24-2010, 03:08 PM
I think you will see this become more popular since centralized logging is, for all practical purposes, a requirement for PCI compliance.

Posted by Steven, 05-24-2010, 03:33 PM
I utilize rsyslog+MySQL+phplogcon. It is very useful to get a centralized location to see /var/log/messages; it helps in catching drive failures and disk I/O problems before they get serious. rsyslog has pretty awesome SSL capability.

Posted by quad3datwork, 05-24-2010, 11:17 PM
I just noticed that when you google phplogcon, there are actually two projects... Which one are you guys using?
http://loganalyzer.adiscon.com/ (Looks like they used to be phplogcon; with the v3 release they renamed it to LogAnalyzer)
http://sourceforge.net/projects/phplogcon/
