From: Alan McKinnon
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Sysloggers
Date: Tue, 16 Jun 2009 22:49:01 +0200
Message-Id: <200906162249.01707.alan.mckinnon@gmail.com>

Hi,

Does anyone have decent experience with sysloggers other than syslog-ng, and be willing to share experiences?

I'm especially interested in some of the advanced features of syslog-ng Premium from Balabit.com (based on and extending their open source version):

- SSL-encrypted traffic over the network
- Disk-based buffering on the client
- Windows agents
- Timezone aware (which syslog doesn't do and syslog-ng only partially)
- Encrypted disk files
- Filter, parse and rewrite incoming logs (vital if you need the auth log over here and the password field stored over there, without jumping through hoops first)
- High scalability - 2000 Cisco devices and 200+ servers to start, distributed country wide

-- 
alan dot mckinnon at gmail dot com