Central logging (building a logger)
I am building a NOC and looking for tech on central logging. What are other sysops doing in terms of centralizing logging for various platforms: Cisco routers / switches, Solaris, Linux boxes? Anything to facilitate central logging for the purpose of expedition or problem resolution is welcome; and meanwhile I will keep searching... thank you all
By jroughan at 2007-11-25 23:23:57

# 1
We just use the default syslog on a dedicated syslog box.
Just define a host as the loghost in your /etc/hosts file on each box.
No fancy encryption or anything.
The logs from switches and routers are piped through the local0-7 facilities and logged to separate files.
If you wish to be a bit more fancy, you can pipe your UDP syslog messages through netcat, convert to TCP (pipe it through an SSH tunnel) and add TCP wrappers on the central box, and a netcat to convert back to UDP for the syslog service.
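The "local0-7 facilities logged to separate files" part of this answer rests on the syslog PRI field: the `<N>` at the front of every datagram, where N = facility * 8 + severity (RFC 3164), which is what a `local0.* /var/log/routers.log` selector keys on. The following Python is an added example, not code from the original post; it decodes the PRI from a few constructed sample datagrams and groups them per facility the way the poster's per-facility files would, including the RFC's default of treating a datagram without a valid PRI as user.notice.

```python
import re
from collections import defaultdict

# Facility and severity names in RFC 3164 numbering order.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += [f"local{i}" for i in range(8)]          # indexes 16..23
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

# Constructed sample datagrams (not real device output): PRI 134 = 16*8+6 = local0.info,
# PRI 139 = 17*8+3 = local1.err, PRI 38 = 4*8+6 = auth.info, last line has no PRI at all.
SAMPLE_LINES = [
    "<134>Nov 25 23:23:57 rtr1 %SYS-5-CONFIG_I: Configured from console by vty0",
    "<139>Nov 25 23:24:01 sw1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "<38>Nov 25 23:24:05 sol1 sshd[2201]: Accepted publickey for ops from 10.0.0.5",
    "Nov 25 23:24:09 old-box: message without a PRI header",
]


def decode_pri(line):
    """Split a raw syslog datagram into (facility, severity, rest).

    A datagram with no PRI, or a PRI above 191 (23*8+7, the largest legal
    value), is treated as user.notice (PRI 13) and kept whole, which is what
    RFC 3164 tells a relay to do rather than dropping the message.
    """
    m = PRI_RE.match(line)
    if m and int(m.group(1)) <= 191:
        pri, rest = int(m.group(1)), m.group(2)
    else:
        pri, rest = 13, line
    return FACILITIES[pri // 8], SEVERITIES[pri % 8], rest


def route_by_facility(lines):
    """Group messages by facility, mirroring per-facility files on the loghost."""
    files = defaultdict(list)
    for line in lines:
        facility, severity, rest = decode_pri(line)
        files[facility].append(f"{severity}: {rest}")
    return dict(files)


if __name__ == "__main__":
    for facility, entries in route_by_facility(SAMPLE_LINES).items():
        print(f"--- {facility} ---")
        for entry in entries:
            print(entry)
```

Note that on the wire the PRI is the only thing the central box can trust about a message's origin category; the hostname and timestamp inside the message body are supplied by the sender, so the per-host separation syslog-ng offers (answer 2) is normally based on the source address of the datagram, not on the text.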
# 2
We're using syslog-ng; it builds and runs fine on Solaris and has a lot more options (like separating log files per host, and per date, or by month, so on, so forth).
It also offers the capability of alerting based on severity; you can use swatch, but I didn't like the options. I just made a custom Perl script that throttles back messages (you'd be surprised how many messages you can get if you don't throttle...).
fred
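Fred's Perl throttling script is not shown in the thread. As an added example (written here for illustration, not his code and not a syslog-ng feature), the Python below does the two things his answer describes: it suppresses identical (host, message) pairs that repeat within a time window, emitting a "last message repeated N times" summary in the style of classic syslogd, and it raises an alert only for throttled-through lines at or above a severity threshold. The event stream is constructed sample data; real input would come from the loghost's files or a syslog-ng program() destination.

```python
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample stream, time-ordered: (epoch_seconds, host, severity, message).
# A flapping interface repeats the same message four times in four seconds, goes
# quiet, then repeats again after the 60-second window has expired.
EVENTS = [
    (0,  "sw1",  "err",    "%LINK-3-UPDOWN: Interface Gi0/1, changed state to down"),
    (1,  "sw1",  "err",    "%LINK-3-UPDOWN: Interface Gi0/1, changed state to down"),
    (2,  "sw1",  "err",    "%LINK-3-UPDOWN: Interface Gi0/1, changed state to down"),
    (3,  "sw1",  "err",    "%LINK-3-UPDOWN: Interface Gi0/1, changed state to down"),
    (5,  "rtr1", "notice", "%BGP-5-ADJCHANGE: neighbor 10.0.0.2 Down"),
    (70, "sw1",  "err",    "%LINK-3-UPDOWN: Interface Gi0/1, changed state to down"),
    (71, "sw1",  "err",    "%LINK-3-UPDOWN: Interface Gi0/1, changed state to down"),
]


def throttle(events, window=60, alert_at="err"):
    """Return (log_lines, alert_lines) for a time-ordered event stream.

    The first copy of a (host, message) pair is emitted; identical copies
    arriving within `window` seconds of that emission are counted, not
    emitted. When the window has passed (or the stream ends) the count is
    flushed as a single "last message repeated N times" line. Emitted lines
    whose severity is `alert_at` or worse (lower index = more severe) are also
    returned as alerts; summary lines never are, so a flood cannot page you.
    """
    out, alerts = [], []
    state = {}  # (host, msg) -> [timestamp of last emitted copy, suppressed count]
    alert_level = SEVERITIES.index(alert_at)
    for ts, host, sev, msg in events:
        key = (host, msg)
        st = state.get(key)
        if st is not None and ts - st[0] < window:
            st[1] += 1  # identical message inside the window: swallow it
            continue
        if st is not None and st[1]:
            out.append(f"{host}: last message repeated {st[1]} times")
        line = f"{host} {sev}: {msg}"
        out.append(line)
        if SEVERITIES.index(sev) <= alert_level:
            alerts.append(line)
        state[key] = [ts, 0]
    # End of stream: flush any counts still pending so nothing is silently lost.
    for (host, _msg), (_ts, suppressed) in state.items():
        if suppressed:
            out.append(f"{host}: last message repeated {suppressed} times")
    return out, alerts


if __name__ == "__main__":
    log_lines, alert_lines = throttle(EVENTS)
    print("\n".join(log_lines))
    print("alerts:", len(alert_lines))
```

The window is measured from the last emitted copy, not from the last suppressed one, so a message that never stops repeating still surfaces once per window with its count rather than being suppressed forever; that is the property to keep when tuning the window for your own volume.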