[Fwd: RE: [syslog-ng]Odd problem]
Przemek Bak
przemolicc@poczta.fm
Mon, 20 Nov 2000 11:59:03 +0100
----- Forwarded message from "Hamilton, Andrew Mr." <HamiltonA@hq.5sigcmd.army.mil> -----
> From: "Hamilton, Andrew Mr." <HamiltonA@hq.5sigcmd.army.mil>
> To: "'syslog-ng@lists.balabit.hu'" <syslog-ng@lists.balabit.hu>
> Subject: RE: [syslog-ng]Odd problem
> Date: Fri, 17 Nov 2000 12:31:40 +0100
>
> Actually yes. I use syslog-ng to log from about 1500 sources. Most of it
> is not real intense, but I get around 5 gigabytes per day. I use every
> facility. Some of the facilities are used for more than one program. Which
> before syslog-ng wasn't possible to do. The granularity I get from syslog-ng
> is considerably better than syslogd and my life is much simpler for it.
> Because of our security processes the logging from the routers used to go
> three places, our security people, our sysadmins, and our management tools.
> The router was sending every message three times. Now they go to our
> central system and the logs that need to go to the security people are
> forwarded to them and the same with our management tools, with the correct
> host name. And the traffic is much less over the WAN. Which was the goal
> of the exercise. I would say for us that syslog-ng has been very
> successful.
How do you manage when part of the net is down ? For example,
router is sending messages to your central logging host,
but the messages go through another router which is down for a while.
przemol