ScottO wrote: >>Just not sure if rolling out syslog-ng to all the hosts is the best thing to do, when I can just do filtering, carving, etc. at the edge and central levels. That's an important observation, right there. The time you might spend rolling out lots of syslog-ng (and syslog-ng isn't exactly lightweight software by anyone's standards...) is time you could probably spend rolling a convenient mini-aggregator and developing a few analytic scripts for it. Even if you used syslog-ng on just the aggregators it'd mean only installing a few instances - a much smaller system management headache. Sysadmin time can be just as important a factor as network utilization (and then some). mjr. _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Sun May 28 2006 - 00:12:13 PDT