Hi, I'd like to centralize our companies logging infrastructure. Our current situation is that log messages are stored locally on each node where they are just waiting to be logrotated and thus are quite useless since most of the time noone bothers about collecting all the info and rather tells people the log messages just couldn't be found.
I tried to convince our department chief to just use a central log host so that we can start building tools around a central location but he wants facts about reliability. Given the underlying network works, are there any mechanisms standard syslog uses to guarantee messages are received by the other side? I know that it uses udp so the reliability part must be somewhere in the application (that is for standard syslog). According to http://www.balabit.com/network-security/syslog-ng/features/ syslog-ng supports sending messages over TCP so that would solve the problem but I remember that "drop in replacement" wasn't quite true for syslog-ng, I may be wrong. If anyone has a couple of good links to throw at my boss so that I can back up the pro's of centralized logging with hard facts (con's are also welcome) I'd be greatful, thanks martin -- http://www.xing.com/profile/Martin_Marcher You are not free to read this message, by doing so, you have violated my licence and are required to urinate publicly. Thank you. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
