Message93801
Thank you for responding so quickly, Vinay.
I am using a multitude of syslog daemons, from syslog, syslog-ng,
rsyslog, and several different proprietary SIEM/SEM Log archiving
appliances. I work in the security sector.
(Yes, I have read Rainer before; it's actually a big reason I am writing
the tool that I am working on. Gaps in logs are a real-world problem!)
Regarding issue 6444, these users are attempting to use SysLogHandler to
write to the local system's syslog sockets. A way of piggybacking on
the configuration of the local system's logging daemon.
What I am actually doing is ignoring the local system's syslog, and
sending the syslog packets directly to a remote syslog server. This is
to replay syslog data that may have been previously lost due to
connectivity outages. My tool can also be used to send the data to an
external server for forensic reasons.
I believe the answer to your last question also sheds light on your
first question!
The reason that I am looking to add TCP is because a lot of new data
center architectures are heavily utilizing TCP syslog in a chained /
centralized environment. I am also seeing a lot of preferential
treatment of TCP syslog on logging appliances such as Loglogic.
I am sorry to hear that your test environment is lacking the regression
suites that you need.
I do hope that another committer can test for us. Syslog is an old
technology and I hope that more efforts like mine and Rainer's can help
to identify and correct deficiencies in the design.

Date | User | Action | Args
2009-10-09 15:17:44 | enigma | set | recipients: + enigma, vinay.sajip, r.david.murray
2009-10-09 15:17:44 | enigma | set | messageid: <1255101464.43.0.562400625865.issue7086@psf.upfronthosting.co.za>
2009-10-09 15:17:43 | enigma | link | issue7086 messages
2009-10-09 15:17:42 | enigma | create |