This is what I'd do, John, to keep it simple:

1. Bring up a log aggregator like Splunk (free for 500MB/day) or an open 
source one.

2. Point all UNIX syslog at it.

3. Install EventLog2Syslog on your Windows boxen. Point at server.

4. Install file2syslog on your Linux boxes. Point your Tomcat etc logs 
to localhost which routes to Splunk.

That should catch 80% of what you need. The rest is the fun part.

--
Puryear Information Technology, LLC
Baton Rouge, LA * 225-706-8414
http://www.puryear-it.com

Author, "Best Practices for Managing Linux and UNIX Servers"
   http://www.puryear-it.com/pubs/linux-unix-best-practices

Identity Management, LDAP, and Linux Integration


John Hebert wrote:
> The more I google around and read your replies, the more I realize I need to 
> define some hard requirements for this project. :)
> 
> We don't run too many apps on the UNIX boxes other than Tomcat and a few 
> others, so redirecting those logs won't be much work. I hope.
> 
> All of the Tomcat installs are the same, so that won't be too much work. The 
> Solaris and CentOS boxes are pretty much identical, respectively.
> 
> "Iceberg? Foolish man, this is the Titanic!" :)
> 
> John Hebert
> 
> 
> ----- Original Message ----
> From: Dustin Puryear <[EMAIL PROTECTED]>
> To: [email protected]
> Sent: Thursday, January 17, 2008 3:58:01 PM
> Subject: Re: [brlug-general] open source tools for centralized logging?
> 
> 
> AND you need something that can read the million more log files that 
> don't get pumped into syslog or Event Log. One way to mitigate that 
> though is to get a file2syslog tool and pump those into syslog.
> 
> The thing is, 99% of the interesting stuff is not in /var/log/messages 
> or Event Log. It's in $apphome/logs/error.log.
> 
> John, you've debugged a Tomcat app before. You know what I mean. :)
> 
> 
> Scott Harney wrote:
>> Dustin Puryear wrote:
>>> Seriously, if you have more than just UNIX syslog logging needs, just 
>>> doing a syslog server via Cygwin isn't going to get you very far.
>>>   
>> Right. You need something that will export Windows Event viewer "events" 
>> to syslog messages that can be shipped to a local (Cygwin) or remote 
>> (linux) syslog server.
> 

_______________________________________________
General mailing list
[email protected]
http://mail.brlug.net/mailman/listinfo/general_brlug.net
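
Step 4 above comes down to turning application log lines into syslog messages aimed at localhost. A sketch of that step follows as an added example; it is not part of the original message and is not the file2syslog tool itself. The timestamp layout, the local0 facility, the host and tag names and the sample lines are assumptions.

```python
import re
import socket
from datetime import datetime

# Assumption: each application event starts with "YYYY-MM-DD "; any other
# line (stack-trace frames, "Caused by:") continues the previous event.
EVENT_START = re.compile(r"^\d{4}-\d{2}-\d{2} ")
LOCAL0 = 16            # syslog facility chosen here for application logs
ERR, INFO = 3, 6       # syslog severities
MAX_PACKET = 1024      # RFC 3164 message size limit

def group_events(lines):
    """Fold continuation lines into the event they belong to."""
    events = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if events and not EVENT_START.match(line):
            events[-1] += " | " + line
        else:
            events.append(line)
    return events

def to_syslog(event, host, tag, when):
    """Build one RFC 3164 datagram: <PRI>Mmm dd hh:mm:ss host tag: msg."""
    severity = ERR if " ERROR " in event else INFO
    pri = LOCAL0 * 8 + severity
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"  # day is space-padded
    packet = f"<{pri}>{stamp} {host} {tag}: {event}".encode("utf-8", "replace")
    return packet[:MAX_PACKET]

def forward(lines, host, tag, relay=("127.0.0.1", 514)):
    """Send each grouped event to the local syslog daemon over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for event in group_events(lines):
            sock.sendto(to_syslog(event, host, tag, datetime.now()), relay)

# Constructed sample of an application error log (not taken from the thread).
SAMPLE = [
    "2008-01-17 15:58:01 ERROR OrderServlet - request failed\n",
    "java.lang.NullPointerException\n",
    "\tat com.example.OrderServlet.doGet(OrderServlet.java:42)\n",
    "2008-01-17 15:58:05 INFO  OrderServlet - retry succeeded\n",
]

if __name__ == "__main__":
    for ev in group_events(SAMPLE):
        print(to_syslog(ev, "web01", "tomcat", datetime(2008, 1, 7, 15, 58, 1)))
```

Grouping before sending keeps a stack trace attached to the error that produced it, so the aggregator indexes one event instead of several unrelated lines.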
