[Fwd: RE: [syslog-ng]Odd problem]
Hamilton, Andrew Mr.
HamiltonA@hq.5sigcmd.army.mil
Mon, 20 Nov 2000 12:34:16 +0100
Sometimes I lose messages. Usually our analysts get things rerouted fairly
swiftly so for the most part I don't lose too much, but in a network as
large as ours it is impossible to get every message anyway. We usually have
multiple routes to most of our regions. I realize that in life sometimes
there are things that you can't do anything about. This is one of them.
There are way too many devices for me to keep track of EVERY message from
ALL of them. I do my best to get what they send and that is all I can do.
syslog-ng is considerably better at helping me do that than syslogd.
Regards
Drew
> -----Original Message-----
> From: Przemek Bak [SMTP:przemolicc@poczta.fm]
> Sent: Monday, November 20, 2000 11:59 AM
> To: syslog-ng@lists.balabit.hu
> Subject: [Fwd: RE: [syslog-ng]Odd problem]
>
> ----- Forwarded message from "Hamilton, Andrew Mr."
> <HamiltonA@hq.5sigcmd.army.mil> -----
>
> > From: "Hamilton, Andrew Mr." <HamiltonA@hq.5sigcmd.army.mil>
> > To: "'syslog-ng@lists.balabit.hu'" <syslog-ng@lists.balabit.hu>
> > Subject: RE: [syslog-ng]Odd problem
> > Date: Fri, 17 Nov 2000 12:31:40 +0100
> >
> > Actually yes. I use syslog-ng to log from about 1500 sources. Most of
> it
> > is not real intense, but I get around 5 gigabytes per day. I use every
> > facility. Some of the facilities are used for more than one program.
> Which
> > before syslog-ng wasn't possible to do. The granularity I get from
> syslog-ng
> > is considerably better than syslogd and my life is much simpler for it.
> > Because of our security processes the logging from the routers used to
> go
> > three places, our security people, our sysadmins, and our management
> tools.
> > The router was sending every message three times. Now they go to our
> > central system and the logs that need to go to the security people are
> > forwarded to them and the same with our management tools, with the
> correct
> > host name. And the traffic is much less over the WAN. Which was the
> goal
> > of the exercise. I would say for us that syslog-ng has been very
> > successful.
>
> How do you manage when part of the net is down ? For example,
> router is sending messages to your central logging host,
> but the messages go through another router which is down for a while.
>
>
> przemol
>
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng