Re: central logging

On 22.05.2010 14:27, Petter Reinholdtsen wrote:
> Why syslog-ng?  I thought rsyslog was more flexible than syslog-ng?
>
> Why do you need to change the clients?  As far as I can see, the
> default on the clients is to forward all syslog messages (see
> /usr/share/debian-edu-config/rsyslog-client), so all pam_unix auth
> messages should already be forwarded.

For some reasons, I use a pure Debian lenny on my clients and bind it into the Skolelinux network. So I don't had to change something and I also need the possibility to store the syslog files from my Windows clients. When I started to search, it seemed to me that it's easier with syslog-ng. I also had experience with some log analyzers like Logzilla (but it's too RAM-intensive), which uses syslog-ng. So I started from zero and made my decision. But maybe it's better to use rsyslog, because it is the default for Skolelinux. But I don't want to forward all logs to tjener, because of disk space and network traffic, and I want to create a folder structure like /var/log/$date//$hostname for a better overview and to delete messages older than 30 days. I can't find a way to use system variables with rsyslog - do you know a way?


