[syslog-ng]some general questions
Longina Przybyszewska
longina@imada.sdu.dk
Mon, 6 Jan 2003 11:56:18 +0100 (CET)
hi,
I try to install a central loghost on Solaris9 server.
My first approch is to have syslog-ng only on loghost, all other machines
( some Solaris servers + tens of Linux workstations & servers) run own
syslog which is configured to send everything to the loghost -
which I understand is the most recommended practice.
====(in syslog.conf)===
*.debug @loghost
===
In this approach I like that I don't have to change software on all
machines (exchange from syslog -> syslog-ng) ,
but I don't like that there is anormous amount of unnecessery information
send to the loghost.
My question is : isn't it better to filter messages locally, and send to
the loghost information of some importance?
Do I risk to loose some important info, by sending all of *.warn and higer
to loghost?
How can I get rid of repeated lines in incoming messages?
regards
Longina
--
Longina Przybyszewska, system programmer
Dept. of Math. & Comp. Sci. - IMADA
University of Southern Denmark, Odense
Campusvej 55,DK-5230 Odense M, Denmark
tel: +45 6550 2359 - http://www.imada.sdu.dk email: longina@imada.sdu.dk
--