On Sat, 26 Jan 2013, Tracy Reed wrote:

> On Fri, Jan 25, 2013 at 10:57:33PM PST, David Lang spake thusly:
>> The modern syslog daemons (rsyslog, syslog-ng, nxlog, etc) will all support
>
> Don't forget Logstash, Splunk, and GELF2 (Graylog) which are also means of
> moving logs around.

Logstash qualifies in terms of functionality (I'm not sure about its
performance, I've just started looking at it).

GELF2 I have not heard of before.

Splunk is a good proprietary system for dealing with logs, but while it's really
good at getting logs into Splunk, it's not that good about getting the logs to
anything else.

I have a large (300G/day, 20+ machines with >320TB disk, >1TB RAM) Splunk cluster
that is part of my system, but I put it in the analysis layer, I try to keep it
from doing the log gathering itself.

I am quite leery of vendor lock-in. I don't want to end up in a position where
we have to reconfigure every system if we decide to dump a vendor (or the vendor
goes off and does things that dump us). If you use one of the syslog daemons for
your log transport you are not locked in to any one implementation, and any
logging tool out there will interoperate with syslog.

David Lang
_______________________________________________
Discuss mailing list
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/