[syslog-ng] SEC and syslog

Solis, Alex (EMC) axsolis at cps-ems.com
Thu Jan 10 17:29:25 CET 2008

I have been using syslog-ng and logdog.pl
(http://caspian.dotconf.net/menu/Software/LogDog/) for quite some time
but now want to move to SEC because of its thresholding and suppression
features.  I noticed that SEC can monitor files and does not necessarily
need a FIFO pipe.  I also noticed that syslog-ng can send logs directly
to a program using the program() feature.  My question is which is the
best way to implement the syslog-ng to SEC conduit?  Should I create a
pipe and ask SEC to monitor that because it's efficient?  Should I simply
ask SEC to monitor syslog-ng's destination file even though files are
rotated every night?  Or should I use syslog-ng's program() feature to
send messages to SEC?  I guess all will work, but which is the best
option?

Thanks for any insight.

Alex