central logging host vs. reliability of receiving a message
Hi,
I'd like to centralize our companies logging infrastructure. Our
current situation is that log messages are stored locally on each node
where they are just waiting to be logrotated and thus are quite
useless since most of the time noone bothers about collecting all the
info and rather tells people the log messages just couldn't be found.
I tried to convince our department chief to just use a central log
host so that we can start building tools around a central location but
he wants facts about reliability. Given the underlying network works,
are there any mechanisms standard syslog uses to guarantee messages
are received by the other side?
I know that it uses udp so the reliability part must be somewhere in
the application (that is for standard syslog). According to
http://www.balabit.com/network-security/syslog-ng/features/ syslog-ng
supports sending messages over TCP so that would solve the problem but
I remember that "drop in replacement" wasn't quite true for syslog-ng,
I may be wrong.
If anyone has a couple of good links to throw at my boss so that I can
back up the pro's of centralized logging with hard facts (con's are
also welcome) I'd be greatful,
thanks
martin
--
http://www.xing.com/profile/Martin_Marcher
You are not free to read this message,
by doing so, you have violated my licence
and are required to urinate publicly. Thank you.
Reply to: