* [gentoo-user] Sysloggers
From: Alan McKinnon @ 2009-06-16 20:49 UTC
To: gentoo-user

Hi,

Does anyone have decent experience with sysloggers other than syslog-ng, and
be willing to share experiences?

I'm especially interested in some of the advanced features of syslog-ng
Premium from Balabit.com (based on and extending their open source version):

SSL-encrypted traffic over the network
Disk-based buffering on the client
Windows agents
Timezone aware (which syslog doesn't do and syslog-ng only partially)
Encrypted disk files
Filter, parse and rewrite incoming logs (vital if you need the auth log over
here and the password field stored over there, without jumping through hoops
first)
High scalability - 2000 Cisco devices and 200+ servers to start, distributed
country wide

--
alan dot mckinnon at gmail dot com

* Re: [gentoo-user] Sysloggers
From: Mark Shields @ 2009-06-17 14:33 UTC
To: gentoo-user

On Tue, Jun 16, 2009 at 4:49 PM, Alan McKinnon <alan.mckinnon@gmail.com> wrote:

> Hi,
>
> Does anyone have decent experience with sysloggers other than syslog-ng,
> and be willing to share experiences?
>
> I'm especially interested in some of the advanced features of syslog-ng
> Premium from Balabit.com (based on and extending their open source
> version):
>
> SSL-encrypted traffic over the network
> Disk-based buffering on the client
> Windows agents
> Timezone aware (which syslog doesn't do and syslog-ng only partially)
> Encrypted disk files
> Filter, parse and rewrite incoming logs (vital if you need the auth log
> over here and the password field stored over there, without jumping
> through hoops first)
> High scalability - 2000 Cisco devices and 200+ servers to start,
> distributed country wide
>
> --
> alan dot mckinnon at gmail dot com

syslog-ng is the de facto standard. Metalog is fine for desktops, but I use
syslog-ng on all my servers. Nearly all programs that can process log files
are compatible with it.

--
- Mark Shields

* Re: [gentoo-user] Sysloggers
From: Dale @ 2009-06-17 18:35 UTC
To: gentoo-user

Mark Shields wrote:
> On Tue, Jun 16, 2009 at 4:49 PM, Alan McKinnon
> <alan.mckinnon@gmail.com> wrote:
>
>     Hi,
>
>     Does anyone have decent experience with sysloggers other than
>     syslog-ng, and be willing to share experiences?
>
>     I'm especially interested in some of the advanced features of
>     syslog-ng Premium from Balabit.com (based on and extending their
>     open source version):
>
>     SSL-encrypted traffic over the network
>     Disk-based buffering on the client
>     Windows agents
>     Timezone aware (which syslog doesn't do and syslog-ng only partially)
>     Encrypted disk files
>     Filter, parse and rewrite incoming logs (vital if you need the
>     auth log over here and the password field stored over there,
>     without jumping through hoops first)
>     High scalability - 2000 Cisco devices and 200+ servers to start,
>     distributed country wide
>
>     --
>     alan dot mckinnon at gmail dot com
>
>
> syslog-ng is the de facto standard. Metalog is fine for desktops, but
> I use syslog-ng on all my servers. Nearly all programs that can
> process log files are compatible with it.
>
> --
> - Mark Shields

Same here. I do wish it would fill my log full of dups tho. Sometimes my
DVD thinks there is media in there and it is trying to read it when it is
empty. Since it does this every two seconds, it can create a HUGE messages
file in a hurry. logrotate helps with this but still, no need doing the
same line hundreds of thousands of times.

Dale

:-) :-)

P. S. Now some guru tell me that it can be told not to do that. :/

* Re: [gentoo-user] Sysloggers
From: Alan McKinnon @ 2009-06-17 21:31 UTC
To: gentoo-user

On Wednesday 17 June 2009 16:33:39 Mark Shields wrote:
> On Tue, Jun 16, 2009 at 4:49 PM, Alan McKinnon <alan.mckinnon@gmail.com> wrote:
> > Hi,
> >
> > Does anyone have decent experience with sysloggers other than syslog-ng,
> > and be willing to share experiences?
> >
> > I'm especially interested in some of the advanced features of syslog-ng
> > Premium from Balabit.com (based on and extending their open source
> > version):
> >
> > SSL-encrypted traffic over the network
> > Disk-based buffering on the client
> > Windows agents
> > Timezone aware (which syslog doesn't do and syslog-ng only partially)
> > Encrypted disk files
> > Filter, parse and rewrite incoming logs (vital if you need the auth log
> > over here and the password field stored over there, without jumping
> > through hoops first)
> > High scalability - 2000 Cisco devices and 200+ servers to start,
> > distributed country wide
> >
> > --
> > alan dot mckinnon at gmail dot com
>
> syslog-ng is the de facto standard. Metalog is fine for desktops, but I
> use syslog-ng on all my servers. Nearly all programs that can process log
> files are compatible with it.

I can't argue with that. I just get a little paranoid about auth logs being
sent (with credentials) over partially-open networks, hence the attraction
of encrypted traffic

--
alan dot mckinnon at gmail dot com

* Re: [gentoo-user] Sysloggers
From: Neil Bothwick @ 2009-06-17 21:48 UTC
To: gentoo-user

On Wed, 17 Jun 2009 23:31:24 +0200, Alan McKinnon wrote:

> I can't argue with that. I just get a little paranoid about auth logs
> being sent (with credentials) over partially-open networks, hence the
> attraction of encrypted traffic

What about using an SSH tunnel?

--
Neil Bothwick

If Wile E. Coyote had enough money to buy all that ACME crap, why didn't
he just buy dinner?

* Re: [gentoo-user] Sysloggers
From: Alan McKinnon @ 2009-06-17 22:17 UTC
To: gentoo-user

On Wednesday 17 June 2009 23:48:38 Neil Bothwick wrote:
> On Wed, 17 Jun 2009 23:31:24 +0200, Alan McKinnon wrote:
> > I can't argue with that. I just get a little paranoid about auth logs
> > being sent (with credentials) over partially-open networks, hence the
> > attraction of encrypted traffic
>
> What about using an SSH tunnel?

I thought about that - people other than me set up most of the machines and
this may or may not be easy for them to do in practice. I'm sure you've seen
how easy it is for otherwise smart people to royally screw up anything with
ssh in its name...

Just keeping my options open, maybe there's something better suited to what
I need than vanilla syslog-ng

--
alan dot mckinnon at gmail dot com

* Re: [gentoo-user] Sysloggers
From: Mick @ 2009-06-17 22:37 UTC
To: gentoo-user

On Wednesday 17 June 2009, Alan McKinnon wrote:
> On Wednesday 17 June 2009 23:48:38 Neil Bothwick wrote:
> > On Wed, 17 Jun 2009 23:31:24 +0200, Alan McKinnon wrote:
> > > I can't argue with that. I just get a little paranoid about auth logs
> > > being sent (with credentials) over partially-open networks, hence the
> > > attraction of encrypted traffic
> >
> > What about using an SSH tunnel?
>
> I thought about that - people other than me set up most of the machines and
> this may or may not be easy for them to do in practice. I'm sure you've
> seen how easy it is for otherwise smart people to royally screw up anything
> with ssh in its name...
>
> Just keeping my options open, maybe there's something better suited to what
> I need than vanilla syslog-ng

Perhaps rsyslog?

http://www.rsyslog.com
========================================
"Among others, it offers support for on-demand disk buffering, reliable
syslog over TCP, SSL, TLS and RELP, writing to databases (MySQL, PostgreSQL,
Oracle, and many more), email alerting, fully configurable output formats
(including high-precision timestamps), the ability to filter on any part of
the syslog message, on-the-wire message compression, and the ability to
convert text files to syslog. It is a drop-in replacement for stock syslogd
and able to work with the same configuration file syntax."
========================================

It's in portage.

--
Regards,
Mick

* [gentoo-user] Re: Sysloggers
From: Harry Putnam @ 2009-06-19 14:11 UTC
To: gentoo-user

Mick <michaelkintzios@gmail.com> writes:

> Perhaps rsyslog?
>
> http://www.rsyslog.com
> ========================================
> "Among others, it offers support for on-demand disk buffering, reliable
> syslog over TCP, SSL, TLS and RELP, writing to databases (MySQL, PostgreSQL,
> Oracle, and many more), email alerting, fully configurable output formats
> (including high-precision timestamps), the ability to filter on any part of
> the syslog message, on-the-wire message compression, and the ability to
> convert text files to syslog. It is a drop-in replacement for stock syslogd
> and able to work with the same configuration file syntax."
> ========================================
>
> It's in portage.

And I can say as an rsyslog user...of some months, that even if you don't
need all those refinements, for just basic use it is just like syslog and
doesn't require learning yet another config syntax like syslog-ng does.

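Added example, not part of any message in this thread and not the rsyslog project's own configuration: the concern raised above about auth logs crossing partially-open networks, shown as a cleartext forward beside a TLS forward with client-side disk buffering, in rsyslog's legacy directive syntax. The hostname, port, spool directory, queue file name and CA path are placeholders, and the gtls stream driver is assumed to be installed.

```conf
# /etc/rsyslog.conf fragment (client side) -- all paths and names are placeholders

# --- Before: cleartext forward in classic syslogd selector syntax ---
# A single @ means UDP. Everything in the auth log, including anything a
# user typed into the wrong prompt, is readable by whoever sits on the path.
#authpriv.*    @loghost.example.net

# --- After: same selector, sent over TLS with a disk-backed queue ---

# CA certificate that signed the log server's certificate (placeholder path).
$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/ca.pem
# Use the GnuTLS network stream driver for TCP actions.
$DefaultNetstreamDriver gtls

# 1 = the forwarding action below must use TLS; no cleartext fallback.
$ActionSendStreamDriverMode 1
# Authenticate the server by certificate name rather than accepting any peer.
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer loghost.example.net

# Buffer on the client while the server or the link is down.
$WorkDirectory /var/spool/rsyslog
$ActionQueueType LinkedList
# Setting a queue file name is what enables spilling to disk.
$ActionQueueFileName fwd_authpriv
$ActionQueueSaveOnShutdown on
# -1 = retry forever instead of dropping messages after a failed send.
$ActionResumeRetryCount -1

# @@ means TCP; with the driver settings above this connection is TLS.
authpriv.*    @@loghost.example.net:6514
```

The receiving host needs a matching TLS listener with its own certificate, which is not shown here. With `x509/name` the client refuses to send if the server's certificate name does not match the permitted peer, so a misconfigured server shows up as a growing spool in the work directory, not as cleartext on the wire.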