Many thanks to: Rob Foehl, Chris Ruhnke, Peter Kunst, Michael Grice, Brad Morrison, Jamie Walker, Alan Pae, Rob Windsor, Martin Wheatley, Ronny Martin, and Mike Demarco for all of your excellent input on my syslog server query. To summarize in brief, I asked about the impact and "gotchas" surrounding using a central syslog server, if I should worry about the system and network load generated, and how many different types of messages I should log to the central server. Almost unanimously, the response was that syslog messages going to a single central server did not present anything close to a heavy system or network load, even in a large, multi-system environment. The biggest issue in a larger multi-system environment seemed to be disk space management, and management of log rotation. There are good tools for doing this, and many folks had the syslog messages broken down by category and stuffed into databases for later retrieval. One syslog management tool that was mentioned was SMT: http://www.dangermen.com/smt/ Other helpful comments and suggestions included were: - Use "syslog-ng"! This is a very nice rewrite of the syslog daemon facility which has many very useful features imbedded in it. - Set up log file rotations! Rotate daily in a "busy" environment. - Be sure to log critical messages both at the local host and the remote loghost, to ensure the message really gets logged *somewhere*. Network problems could cause loss of messages. - Carefully consider whether you want to remotely log auth messages, as sometimes a user may type their password in the place of where the user ID should go, and that password would be transmitted in plaintext over the wire, in "snoop-ready form". - If things are indeed quite busy where you are, set up a separate management network to send the syslog messages over. Thanks again to all who replied! Ken Rossman rossman@columbia.edu _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Wed Jun 29 10:42:08 2005
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:49 EST