[brlug-general] open source tools for centralized logging?
Dustin Puryear
dustin at puryear-it.com
Thu Jan 17 16:41:03 CST 2008
This is what I'd do, John, to keep it simple:
1. Bring up a log aggregator like Splunk (free for 500MB/day) or an open
source one.
2. Point all UNIX syslog at all.
3. Install EventLog2Syslog on your Windows boxen. Point at server.
4. Install file2syslog on your Linux boxes. Point your Tomcat etc logs
to localhost which routes to Splunk.
That should catch 80% of what you need. The rest is the fun part.
--
Puryear Information Technology, LLC
Baton Rouge, LA * 225-706-8414
http://www.puryear-it.com
Author, "Best Practices for Managing Linux and UNIX Servers"
http://www.puryear-it.com/pubs/linux-unix-best-practices
Identity Management, LDAP, and Linux Integration
John Hebert wrote:
> The more I google around and read your replies, the more I realize I need to define some hard requirements for this project. :)
>
> We don't run too many apps on the UNIX boxes other than Tomcat and a few others, so redirecting those logs won't be much work. I hope.
>
> All of the Tomcat installs are the same, so that won't be too much work. The Solaris and CentOS boxes are pretty much identical, respectively.
>
> "Iceberg? Foolish man, this is the Titanic!" :)
>
> John Hebert
>
>
> ----- Original Message ----
> From: Dustin Puryear <dustin at puryear-it.com>
> To: general at brlug.net
> Sent: Thursday, January 17, 2008 3:58:01 PM
> Subject: Re: [brlug-general] open source tools for centralized logging?
>
>
> AND you need something that can read the million more log files that
> don't get pumped into syslog or Event Log. One way to mitigate that
> though is to get a file2syslog tool and pump those into syslog.
>
> The thing is, 99% of the interesting stuff is not in /var/log/messages
> or Event Log. It's in $apphome/logs/error.log.
>
> John, you've debugged a Tomcat app before. You know what I mean. :)
>
>
> Scott Harney wrote:
>> Dustin Puryear wrote:
>>> Seriously, if you have more than just UNIX syslog logging needs, just
>>> doing a syslog server via Cygwin isn't going to get you very far.
>>>
>> Right. You need something that will export Windows Event viewer "events"
>> to syslog messages that can be shipped to a local (Cygwin) or remote
>> (Linux) syslog server.
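The file-to-syslog step from the list above (item 4), sketched as an added example; it is not part of the original thread and is not the file2syslog tool itself. It follows an application log, folds stack-trace lines into the event they belong to, and sends RFC 3164-style datagrams to the local syslog daemon. Assumptions: a log4j-style "YYYY-MM-DD HH:MM:SS LEVEL message" line layout, the host name `app01`, the tag `tomcat`, facility local0, and UDP to 127.0.0.1:514.

```python
import os, re, socket, sys, time
from datetime import datetime

FACILITY = 16  # local0: assumed facility for application logs
LEVELS = {"SEVERE": 3, "ERROR": 3, "WARNING": 4, "WARN": 4, "INFO": 6}
# Assumed log4j-style layout: "YYYY-MM-DD HH:MM:SS LEVEL message"
START = re.compile(r"^\d{4}-\d{2}-\d{2} \S+ (\w+)")

def read_new(path, state):
    """Return complete lines appended since the last call; restart on rotation."""
    st = os.stat(path)
    if state.get("inode") != st.st_ino or st.st_size < state.get("offset", 0):
        state.update(inode=st.st_ino, offset=0)
    with open(path, "rb") as fh:
        fh.seek(state["offset"])
        data = fh.read()
    complete = data[: data.rfind(b"\n") + 1]  # leave a half-written line for later
    state["offset"] += len(complete)
    return complete.decode("utf-8", "replace").splitlines()

def group_events(lines):
    """Fold stack-trace lines into the event that precedes them."""
    events = []
    for line in filter(str.strip, lines):  # skip blank lines
        if START.match(line) or not events:
            events.append(line.rstrip())
        else:
            events[-1] += " | " + line.strip()
    return events

def to_syslog(event, now, host="app01", tag="tomcat"):
    """Build an RFC 3164-style datagram, capped at 1024 bytes."""
    m = START.match(event)
    sev = LEVELS.get(m.group(1), 5) if m else 5  # default: notice
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    msg = f"<{FACILITY * 8 + sev}>{stamp} {host} {tag}: {event}"
    return msg.encode("utf-8", "replace")[:1024]

def forward(path, state, sock, dest=("127.0.0.1", 514)):
    events = group_events(read_new(path, state))
    for ev in events:
        sock.sendto(to_syslog(ev, datetime.now()), dest)
    return len(events)

if __name__ == "__main__":
    sock, state = socket.socket(socket.AF_INET, socket.SOCK_DGRAM), {}
    while True:
        forward(sys.argv[1], state, sock)
        time.sleep(2)
```

Run it with the log file path as the only argument. The local syslog daemon must be listening on UDP 514 and configured to relay to the aggregator.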