[opensource] syslog and syslog-ng question

Jason Crum jason at roboguys.com
Thu Oct 26 20:40:59 EDT 2006


syslog-ng does indeed stand for syslog next generation. It's many times more
flexible than the traditional syslog daemon and works as a drop-in
replacement for syslog in most *nix environments (I've had luck with it in
probably four or five Linux distros, Solaris, and *BSD). The list of
improvements over syslog is fairly lengthy, but this page touches on some of
the improvements:

http://people.clarkson.edu/~jnm/security/classInput/syslog.html

FWIW, I solved my own problem below with syslog-ng using templates.

-jc

-----Original Message-----
From: Brian Dittmer [mailto:dittmer.6 at osu.edu] 
Sent: Wednesday, October 25, 2006 5:03 PM
To: Jason Crum; opensource at cse.ohio-state.edu
Subject: Re: [opensource] syslog and syslog-ng question

An aside:

I've heard of syslog-ng (ng stands for Next Generation...correct?) but 
haven't actually used it.  Does it offer many benefits over traditional 
syslog?

-Brian

Jason Crum wrote:
> Hi there. This is my first email to this list, so if this isn't the proper
> venue for this kind of question I'll slink back into the shadows.
>
> I'm trying to set up a central logging server for several *nix boxes, most
> are running Solaris 10 x86 or CentOS 4.3 (or so). I need to insert a unique
> string in the syslog data these servers send to the central logging server
> (for those that are interested, it's running Splunk and receiving data from
> several Windows servers using Snare and several Cisco devices via syslog
> feeds into FIFOs that are then fed into specific Splunk parsers).
>
> Some of these servers run syslog, others run syslog-ng. If I have to
> upgrade all of the servers to syslog-ng I can live with that.
>
> With syslog-ng, I think I can insert a string using a template as part of
> the destination. I haven't tried it yet, but I think I can probably make it
> work. Aside from using a template, is there a more elegant solution to this
> using syslog-ng?
>
> Also, is there a way to insert a string into syslog (not syslog-ng) data?
>
> Thanks in advance.
>
> -jc
>   
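
The template approach mentioned in this thread, sketched as an added example; it is not the configuration the poster used, which the thread does not show. The server address 192.0.2.10, the string SITE-A-WEB01 and the names s_local and d_central are placeholders chosen here.

```conf
# Constructed syslog-ng client configuration (illustration only).
# Assumptions: 192.0.2.10 stands in for the central log server,
# SITE-A-WEB01 stands in for the unique string, and the source and
# destination names are hypothetical.

source s_local {
    unix-stream("/dev/log");   # local log socket on Linux; Solaris uses
                               # the sun-streams() source driver instead
    internal();                # messages generated by syslog-ng itself
};

destination d_central {
    udp("192.0.2.10" port(514)
        # Rebuild each forwarded line by hand: priority, timestamp and
        # host first, then the inserted string, then the original text.
        # Whether $MSG carries the "program[pid]:" prefix differs between
        # syslog-ng versions, so inspect one received line before
        # writing parsers against this layout.
        template("<$PRI>$DATE $HOST SITE-A-WEB01 $MSG\n")
    );
};

log { source(s_local); destination(d_central); };
```

The inserted string is set by each sending host and travels over plain UDP, so the central server can use it for routing and parsing but has no way to verify which machine actually sent a given line.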


