[Fwd: RE: [syslog-ng]Odd problem]

Przemek Bak przemolicc@poczta.fm
Mon, 20 Nov 2000 11:59:03 +0100


----- Forwarded message from "Hamilton, Andrew Mr." <HamiltonA@hq.5sigcmd.army.mil> -----

> From: "Hamilton, Andrew Mr." <HamiltonA@hq.5sigcmd.army.mil>
> To: "'syslog-ng@lists.balabit.hu'" <syslog-ng@lists.balabit.hu>
> Subject: RE: [syslog-ng]Odd problem
> Date: Fri, 17 Nov 2000 12:31:40 +0100
> 
> Actually yes.  I use syslog-ng to log from about 1500 sources.  Most of it
> is not real intense, but I get around 5 gigabytes per day.  I use every
> facility.  Some of the facilities are used for more than one program.  Which
> before syslog-ng wasn't possible to do. The granularity I get from syslog-ng
> is considerably better than syslogd and my life is much simpler for it.
> Because of our security processes the logging from the routers used to go
> three places, our security people, our sysadmins, and our management tools.
> The router was sending every message three times.   Now they go to our
> central system and the logs that need to go to the security people are
> forwarded to them and the same with our management tools, with the correct
> host name.  And the traffic is much less over the WAN.  Which was the goal
> of the exercise.  I would say for us that syslog-ng has been very
> successful.

How do you manage when part of the net is down ? For example,
router is sending messages to your central logging host,
but the messages go through another router which is down for a while.


przemol