Setting up centralized logging

Kenneth Holter kenneho.ndu at gmail.com
Wed Jan 14 14:42:22 UTC 2009


Hello list.


We're planning on setting up centralized logging for our RHEL systems, and
have to decide on applications to use for collecting logs and analyzing them.
Most of our systems are running RHEL, so we're looking for software that is
supported on this platform.

The first issue would be to decide on which syslog implementation to use,
and "syslog-ng" seems to be very popular. Will this be included in EPEL or
such in near future?
Are there better options than syslog-ng?

After collecting the syslog data, we'll need to analyze them. Swatch and SEC
are two options, as well as logwatch. The latter doesn't monitor in real
time, so I guess this one is out of the picture. Feedback on Swatch and SEC,
as well as other good options, is appreciated.

Lastly, we'll have to decide on how to set up the architecture, such as
relay architecture or single central loghost. Does anyone know of good
documentation that discusses this issue?


Regards,
Kenneth Holter
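The real-time analysis the post asks about (Swatch, SEC) boils down to matching collected syslog lines against patterns and correlating them over a time window. The following is an added example, not code from the original post or from any of the tools named: a minimal threshold correlator in the spirit of an SEC "SingleWithThreshold" rule, run over constructed sample lines (hostnames, PIDs and addresses are invented).

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample syslog lines (BSD/RFC 3164 style, as a loghost would receive them).
SAMPLE_LOG = """\
Jan 14 14:40:01 web01 sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 51022 ssh2
Jan 14 14:40:03 web01 sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 51023 ssh2
Jan 14 14:40:04 db01 sshd[911]: Accepted publickey for kenneth from 198.51.100.7 port 40100 ssh2
Jan 14 14:40:06 web01 sshd[2101]: Failed password for root from 192.0.2.10 port 51024 ssh2
Jan 14 14:42:30 web01 sshd[2101]: Failed password for root from 192.0.2.10 port 51030 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w/.-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<src>\S+)")

def parse_line(line, year=2009):
    """Split one RFC 3164 line into (timestamp, host, program, message); None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None  # never let a malformed line stop the monitor
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["host"], m["prog"], m["msg"]

def correlate(lines, threshold=3, window_s=60):
    """Alert (host, source, time) when `threshold` failed logins from one source
    against one host occur within `window_s` seconds; one alert per burst."""
    seen = defaultdict(deque)  # (host, src) -> timestamps inside the window
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, host, _prog, msg = parsed
        fm = FAILED_RE.search(msg)
        if not fm:
            continue
        q = seen[(host, fm["src"])]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # drop events that have aged out of the window
        if len(q) >= threshold:
            alerts.append((host, fm["src"], ts))
            q.clear()  # reset so a single burst raises a single alert
    return alerts

if __name__ == "__main__":
    for host, src, ts in correlate(SAMPLE_LOG.splitlines()):
        print(f"ALERT {ts:%b %d %H:%M:%S}: {src} -> {host}: repeated failed logins")
```

On the sample above the three failures at 14:40:01, :03 and :06 raise one alert, while the later failure at 14:42:30 falls outside the window and stays quiet.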


