Why it's a good thing: better time syncronization and thus easier to decipher interoperation issues.
The potential problems: Firewalls get in the way, locations geographically disperse, too many devices trying to report too much information to one box can cause network problems, syslog information loss, etc.
If things are geographically dispersed, it might make sense to have a hierarchy of syslog servers involved. One server for each location could collect the syslog information for that site, then forward the logs to a central server located elsewhere. Closely related to that issue is the fact that firewalls could get in the way of the syslog traffic flow. Obviously, rules on the firewall need to be created/modified such to allow the traffic.
And if you've got too much syslog data for a network or server to handle, then, you really need to look hard at whether it's a good idea any more. Generally, at that point, the corporation needs to distribute the syslog load, and a central log point no longer is feasible.
And finally, check into syslog-ng (next generation) if you haven't already. We're getting ready to roll it into production here, but we've got at least a months worth of work to ensure everythings ready to migrate over...
-Scott
In reply to Re: Central logging methods and thoughts
by 5mi11er
in thread Central logging methods and thoughts
by bwelch
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |