Re: central logging
On 22.05.2010 14:27, Petter Reinholdtsen wrote:
For some reasons, I use a pure Debian lenny on my clients and bind it
into the Skolelinux network. So I didn't have to change something and I
also need the possibility to store the syslog files from my Windows
clients. When I started to search, it seemed to me that it's easier with
syslog-ng. I also had my experience with some Loganalyzer like Logzilla
(but it's too RAM-intensive), which uses syslog-ng. So I started from
zero and made my decision.
But maybe it's better to use rsyslog, because it is the default for
Skolelinux. But I want to forward not all logs to tjener, because of
disk space and network traffic, and I want to create a folder structure
like /var/log/$date//$hostname for more overview and to delete messages
older than 30 days. I can't find a way to use system variables with
rsyslog - do you know a way?
Why syslog-ng? I thought rsyslog was more flexible than syslog-ng?
Why do you need to change the clients? As far as I can see, the
default on the clients is to forward all syslog messages (see
/usr/share/debian-edu-config/rsyslog-client), so all pam_unix auth
messages should already be forwarded.
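
The per-date, per-host layout and selective forwarding asked about above can be written with rsyslog's legacy-format templates. This is an added example, not configuration from the thread or from debian-edu-config. It assumes UDP port 514, a hypothetical template name `PerHostDaily`, and the auth facilities as the subset worth forwarding.

```conf
# --- Server side (tjener): receive over UDP, file by date and host ---
$ModLoad imudp
$UDPServerRun 514

# %$YEAR%, %$MONTH% and %$DAY% are rsyslog system properties (current date).
# %HOSTNAME% is read from the message header, so the sender chooses it;
# %FROMHOST% (the system the message was received from) is the
# alternative when clients should not be able to pick their own directory.
# PerHostDaily is a hypothetical name chosen for this example.
$template PerHostDaily,"/var/log/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/auth.log"

# A leading "?" makes the action a dynamic file named by the template.
auth,authpriv.*    ?PerHostDaily

# --- Client side: forward only the auth facilities, not everything ---
# A single "@" forwards over UDP; "@@" would use TCP.
auth,authpriv.*    @tjener
```

Because each day gets its own top-level directory, removing logs older than 30 days becomes a matter of deleting whole date directories by age.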