[syslog-ng] Store and forward for ~800 hosts

Josh Rivel jrivel at reliantsec.net
Tue Aug 19 23:03:42 CEST 2008


Hello.

I have roughly 800 OpenSolaris hosts running syslog-ng 1.6.11, logging
back to another OpenSolaris host running 2.1beta2.

Most of the remote locations are over slow DSL lines, so the client
has requested that we only do log collection between 04:00 and 06:00
(for example).

What's the best method for this?  I thought about just logging everything
locally at the remote locations and rsync'ing the log files back
to the syslog-ng server during those hours, but I'm not sure if
that two hour window will be enough to gather all the data.

If the commercial version of syslog-ng supports such a configuration,
then I'm sure that the client would consider purchasing it, so if
that's an option let me know.

Ideally there should be a way to only send logs remotely between
a certain time window from the remote machines, all other times log locally, 
and then dump the remaining logs during that time window.

I've searched the mailing list archives and couldn't find anything applicable.

Thanks in advance,
Josh


