Czanik@BalaBit

CzP about syslog-ng, music and everything

ABOUT



Name:
czanik@balabit.hu

Job title:
community manager

Age:
37

Visit BalaBit site

Log management solutions
I love syslog-ng

Archive for June, 2011

A comparison of syslog-ng web GUIs

Friday, June 10, 2011 @ 12:06 PM Author:

Central logging of events is already an important part of the IT infrastructure for many years. It is more convenient to browse logs at a central location instead of on individual machines. It is also more secure, as even if an individual machine is compromised, and local logs are altered or removed, one can still check the logs on the central log server. Compliance with different regulations also makes central logging necessary.

System administrators prefer to use the command line. Why bother with GUIs? Grep, awk & Co. are powerful tools, but for complex queries an SQL based web interface makes the job done a lot more quicker. Once there are many messages to search, it’s not just convenient, it’s a must. With thousands of incoming messages a second, the indexes of log databases still give Google like response times even for the most complex queries, while traditional text based tools don’t scale.

In this comparison of web GUIs for syslog-ng I try to cover solutions from simple scripts to browse logs through cloud logging to enterprise level applications. All of these have different strengths and weaknesses, and target different usage scenarios.

Tags: , , , , , ,
off

Compiling syslog-ng with database support for CentOS 5 & Co.

Wednesday, June 8, 2011 @ 11:06 AM Author:

Recently more and more people want to use syslog-ng with database support enabled on CentOS 5, RHEL5 & Co. The syslog-ng package in EPEL does not support it, as libdbi there is too old. But compiling your own database enabled syslog-ng is not a difficult job. This howto is based on input from the syslog-ng mailing list, but tries to install less additional software to the system.

Tags: , , ,
off

syslog-ng FAQ moved and updated

Thursday, June 2, 2011 @ 11:06 AM Author:

First of all, a big “thank you” to Nate Campi, who maintained the syslog-ng FAQ for many years. He covered version 1.X and 2.0 with many useful questions and answers.

There is now also a company behind syslog-ng with a growing team. Syslog-ng has seen a major new version, and this brought in many changes. So after discussing it with Nate, based on his work, we moved the updated syslog-ng FAQ in house. We also changed the URL in the syslog-ng mailing list footer, so it points now to: http://www.balabit.com/wiki/syslog-ng-faq

Tags: ,
off
Czanik@BalaBit
Posts (RSS) and comments (RSS)