> On Sun, Jul 31, 2011 at 4:20 AM, <[email protected]> wrote:
>> On Sat, 30 Jul 2011, [email protected] wrote:
>>> I've been doing a few basic remote rsyslog services for a few months with
>>> mostly good results.
>>> Now we want to have dozens of servers all log many different services to a
>>> central log server. Each service has its own set of challenges due to varying
>>> levels of syslog compatibility/compliance, but my main, simple (stupid?)
>>> question is...what do you do about the fact that there aren't really enough
>>> different, unique facilities to go around for all the different logs you want
>>> to keep?
>>
>> facility based logging is insufficient for just about any serious logging
>> project. personally I act as if facility doesn't exist at all (and frequently
>> act as if severity doesn't exist)
>
> That is the same approach I've taken in my logging projects, I share your
> opinion on this David.
>
> I used tags and filters on the other hand to achieve that, completely ignoring
> facilities and severity.

I didn't even know you could do (r)syslog without facilities. Every client app, when configured to log to syslog, seems to require a facility, even if not a severity. I'd love to get rid of this albatross.

Is this a good start?: http://www.rsyslog.com/doc/rsyslog_conf_filter.html

Are you basically saying that one can ignore true "syslog" and just have a client server's rsyslogd remotely log any text log file to the log server, based on these filters?

Is it safe to assume that Adiscon's own LogAnalyzer can digest these non-syslog-like logs without much trouble?

Thanks again!

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
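
A sketch of the tag-and-filter approach described in the quoted replies, added here as an illustration and not taken from any participant in the thread. It uses rsyslog legacy directives; the host name `loghost.example.com`, the tag `myapp`, and all file paths are assumptions.

```conf
# ---- Client side (hypothetical file: /etc/rsyslog.d/myapp-forward.conf) ----
# Read a plain text log file and turn each line into a syslog message.
# imfile still requires a facility/severity, but nothing downstream uses them;
# the tag is what identifies the source.
$ModLoad imfile
$InputFileName /var/log/myapp/app.log
$InputFileTag myapp:
$InputFileStateFile stat-myapp
$InputFileFacility local7
$InputFileSeverity info
$InputRunFileMonitor

# Forward everything to the central server over TCP (@@ = TCP, @ = UDP).
*.* @@loghost.example.com:514

# ---- Server side (hypothetical file: /etc/rsyslog.d/central.conf) ----
$ModLoad imtcp
$InputTCPServerRun 514

# Property-based filters: route on the tag / program name, not on facility.
:programname, isequal, "myapp"        /var/log/central/myapp.log
:syslogtag, startswith, "postfix/"    /var/log/central/mail.log

# Expression-based filter: tag plus message content.
if $programname == 'sshd' and $msg contains 'Failed password' then /var/log/central/ssh-failures.log

# Catch-all: one file per sending host and program.
# HOSTNAME and programname are supplied by the sender, so secpath-replace
# turns any slash in them into "_" before the value is used in a file path.
$template PerHostProgram,"/var/log/remote/%HOSTNAME:::secpath-replace%/%programname:::secpath-replace%.log"
*.* ?PerHostProgram
```

Every selector on the server side is either a property filter or `*.*`, so two services that share a facility such as `local7` are still written to separate files.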

