RE: [Fwd: RE: [syslog-ng]Odd problem]

20 Nov 2000


      Sometimes I lose messages.  Usually our analysts get things rerouted fairly
swiftly so for the most part I don't lose too much, but in a network as
large as ours it is impossible to get every message anyway.  We usually have
multiple routes to most of our regions.  I realize that in life sometimes
there are things that you can't do anything about.  This is one of them.
There are way too many devices for me to keep track of EVERY message from
ALL of them.  I do my best to get what they send and that is all I can do.
syslog-ng is considerably better at helping me do that than syslogd.

Regards
Drew
...
-----Original Message-----
From:	Przemek Bak [SMTP:przemolicc@poczta.fm]
Sent:	Monday, November 20, 2000 11:59 AM
To:	syslog-ng@lists.balabit.hu
Subject:	[Fwd: RE: [syslog-ng]Odd problem]
----- Forwarded message from "Hamilton, Andrew Mr."
<HamiltonA@hq.5sigcmd.army.mil> -----
...
From: "Hamilton, Andrew Mr." <HamiltonA@hq.5sigcmd.army.mil>
To: "'syslog-ng@lists.balabit.hu'" <syslog-ng@lists.balabit.hu>
Subject: RE: [syslog-ng]Odd problem
Date: Fri, 17 Nov 2000 12:31:40 +0100
Actually yes.  I use syslog-ng to log from about 1500 sources.  Most of
it
is not real intense, but I get around 5 gigabytes per day.  I use every
facility.  Some of the facilities are used for more than one program.
Which
before syslog-ng wasn't possible to do. The granularity I get from
syslog-ng
is considerably better than syslogd and my life is much simpler for it.
Because of our security processes the logging from the routers used to
go
three places, our security people, our sysadmins, and our management
tools.
The router was sending every message three times.   Now they go to our
central system and the logs that need to go to the security people are
forwarded to them and the same with our management tools, with the
correct
host name.  And the traffic is much less over the WAN.  Which was the
goal
of the exercise.  I would say for us that syslog-ng has been very
successful.
How do you manage when part of the net is down ? For example,
router is sending messages to your central logging host,
but the messages go through another router which is down for a while.
przemol
_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng

Hamilton, Andrew Mr.

tags

participants (1)