----- Forwarded message from "Hamilton, Andrew Mr." <HamiltonA@hq.5sigcmd.army.mil> -----
From: "Hamilton, Andrew Mr." <HamiltonA@hq.5sigcmd.army.mil> To: "'syslog-ng@lists.balabit.hu'" <syslog-ng@lists.balabit.hu> Subject: RE: [syslog-ng]Odd problem Date: Fri, 17 Nov 2000 12:31:40 +0100
Actually yes. I use syslog-ng to log from about 1500 sources. Most of it is not real intense, but I get around 5 gigabytes per day. I use every facility. Some of the facilities are used for more than one program. Which before syslog-ng wasn't possible to do. The granularity I get from syslog-ng is considerably better than syslogd and my life is much simpler for it. Because of our security processes the logging from the routers used to go three places, our security people, our sysadmins, and our management tools. The router was sending every message three times. Now they go to our central system and the logs that need to go to the security people are forwarded to them and the same with our management tools, with the correct host name. And the traffic is much less over the WAN. Which was the goal of the exercise. I would say for us that syslog-ng has been very successful.
How do you manage when part of the net is down ? For example, router is sending messages to your central logging host, but the messages go through another router which is down for a while. przemol